group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1772919] Re: pam-gnome-keyring.so reveals user’s password credential as a plaintext form

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1772919@xxxxxxxxxxxxxxxxxx>
Date: Tue, 26 Feb 2019 14:15:32 -0000
Reply-to: Bug 1772919 <1772919@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package gnome-keyring - 3.10.1-1ubuntu4.4

---------------
gnome-keyring (3.10.1-1ubuntu4.4) trusty-security; urgency=medium

  * SECURITY UPDATE: credentials exposed in memory (LP: #1772919)
    - debian/patches/CVE-2018-20781.patch: destroy the password in
      pam_sm_open_session in pam/gkr-pam-module.c.
    - CVE-2018-20781

 -- Marc Deslauriers <marc.deslauriers@xxxxxxxxxx>  Thu, 14 Feb 2019
08:32:24 -0500

** Changed in: gnome-keyring (Ubuntu Trusty)
       Status: Confirmed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-20781

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1772919

Title:
  pam-gnome-keyring.so reveals user’s password credential as a plaintext
  form

Status in gnome-keyring package in Ubuntu:
  Fix Released
Status in gnome-keyring source package in Trusty:
  Fix Released
Status in gnome-keyring source package in Xenial:
  Confirmed

Bug description:
  When I perform memory dump of session-child process, user’s login
  credential, including user accounts and their password, is revealed as
  a plaintext form.

  In ‘pam_sm_authenticate’ function, user’s password is stored in the
  heap memory of ‘pam_handle->data” to perform unlock the keyring in
  later.

  After unlocking the keyring, the pam module does not free/overwrite
  the memory area though the password is no longer used.

  We thus could find user’s login credentials.

  This raises concerns over the credential being misused for illegal
  behavior, such as acquiring user’s session key.

  It would be better to clean the heap memory.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: gnome-keyring 3.18.3-0ubuntu2
  ProcVersionSignature: Ubuntu 4.13.0-36.40~16.04.1-generic 4.13.13
  Uname: Linux 4.13.0-36-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.15
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Wed May 23 22:53:12 2018
  InstallationDate: Installed on 2018-04-20 (32 days ago)
  InstallationMedia: Ubuntu 16.04.4 LTS "Xenial Xerus" - Release amd64 (20180228)
  SourcePackage: gnome-keyring
  UpgradeStatus: No upgrade log present (probably fresh install)
  upstart.gnome-keyring-ssh.log: grep: /home/sungjungk/.config/autostart/gnome-keyring-ssh.desktop: No such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-keyring/+bug/1772919/+subscriptions