GLSA-201201-16 : X.Org X Server/X Keyboard Configuration Database: Screen lock bypass

2012-01-30T00:00:00
ID GENTOO_GLSA-201201-16.NASL
Type nessus
Reporter Tenable
Modified 2018-07-11T00:00:00

Description

The remote host is affected by the vulnerability described in GLSA-201201-16 (X.Org X Server/X Keyboard Configuration Database: Screen lock bypass)

Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server       again provides debugging functionality that can be used terminate an       application that exclusively grabs mouse and keyboard input, like screen       locking utilities.
Gu1 reported that the X Keyboard Configuration Database maps this       functionality by default to the Ctrl+Alt+Numpad * key combination.

Impact :

A physically proximate attacker could exploit this vulnerability to gain       access to a locked X session without providing the correct credentials.

Workaround :

Downgrade to any version of x11-base/xorg-server below       x11-base/xorg-server-1.11:
  # emerge --oneshot --verbose '<x11-base/xorg-server-1.11'

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201201-16.
#
# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(57722);
  script_version("1.8");
  script_cvs_date("Date: 2018/07/11 17:09:26");

  script_cve_id("CVE-2012-0064");
  script_bugtraq_id(51562);
  script_xref(name:"GLSA", value:"201201-16");

  script_name(english:"GLSA-201201-16 : X.Org X Server/X Keyboard Configuration Database: Screen lock bypass");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-201201-16
(X.Org X Server/X Keyboard Configuration Database: Screen lock bypass)

    Starting with the =x11-base/xorg-server-1.11 package, the X.Org X Server
      again provides debugging functionality that can be used terminate an
      application that exclusively grabs mouse and keyboard input, like screen
      locking utilities.
    Gu1 reported that the X Keyboard Configuration Database maps this
      functionality by default to the Ctrl+Alt+Numpad * key combination.
  
Impact :

    A physically proximate attacker could exploit this vulnerability to gain
      access to a locked X session without providing the correct credentials.
  
Workaround :

    Downgrade to any version of x11-base/xorg-server below
      x11-base/xorg-server-1.11:
      # emerge --oneshot --verbose '<x11-base/xorg-server-1.11'"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201201-16"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All xkeyboard-config users should upgrade to the latest version:
      # emerge --sync
      # emerge --ask --oneshot --verbose
      '>=x11-misc/xkeyboard-config-2.4.1-r3'
    NOTE: The X.Org X Server 1.11 was only stable on the AMD64, ARM, HPPA,
      and x86 architectures. Users of the stable branches of all other
      architectures are not affected and will be directly provided with a fixed
      X Keyboard Configuration Database version."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:xkeyboard-config");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2012/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2012/01/30");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list", "Host/Gentoo/arch");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
ourarch = get_kb_item("Host/Gentoo/arch");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(amd64|arm|hppa|x86)$") audit(AUDIT_ARCH_NOT, "amd64|arm|hppa|x86", ourarch);

flag = 0;

if (qpkg_check(package:"x11-misc/xkeyboard-config", arch:"amd64 arm hppa x86", unaffected:make_list("ge 2.4.1-r3"), vulnerable:make_list("lt 2.4.1-r3"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "X.Org X Server/X Keyboard Configuration Database");
}