[Secure-testing-team] Bug#546018: gnome-terminal: Pressing keyboard keys alters cursor blinking

Emmanuel Colbus ecolbus at voila.fr
Thu Sep 10 19:16:23 UTC 2009 

Package: gnome-terminal
Version: 2.22.3-3
Severity: grave
Tags: security
Justification: user security hole


After any key is pressed (even Alt, Ctrl or Caps), gnome-terminal resets its
blinking cursor's "next color-switch time" to "now + one full color-switching
period". This (partially) defeats the purpose of not printing any character
when reading a password, and allows an attacker to acquire some information
on theoretically secret data (through a timing attack).

I believe su and ssh are the main impacted applications.

At least, I recommend disabling this feature when character echoing is off.

-- System Information:
Debian Release: 5.0.3
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.26-2-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages gnome-terminal depends on:
ii  gnome-terminal-data     2.22.3-3         Data files for the GNOME terminal 
ii  libatk1.0-0             1.22.0-1         The ATK accessibility toolkit
ii  libbonobo2-0            2.22.0-1         Bonobo CORBA interfaces library
ii  libc6                   2.7-18           GNU C Library: Shared libraries
ii  libgconf2-4             2.22.0-1         GNOME configuration database syste
ii  libglade2-0             1:2.6.2-1        library to load .glade files at ru
ii  libglib2.0-0            2.16.6-2         The GLib library of C routines
ii  libgnome2-0             2.20.1.1-1       The GNOME 2 library - runtime file
ii  libgnomeui-0            2.20.1.1-2       The GNOME 2 libraries (User Interf
ii  libgtk2.0-0             2.12.12-1~lenny1 The GTK+ graphical user interface 
ii  liborbit2               1:2.14.13-0.1    libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0           1.20.5-5         Layout and rendering of internatio
ii  libstartup-notification 0.9-1            library for program launch feedbac
ii  libvte9                 1:0.16.14-4      Terminal emulator widget for GTK+ 
ii  libx11-6                2:1.1.5-2        X11 client-side library
ii  libxrender1             1:0.9.4-2        X Rendering Extension client libra
ii  scrollkeeper            0.3.14-16        A free electronic cataloging syste

Versions of packages gnome-terminal recommends:
ii  yelp                         2.22.1-8+b1 Help browser for GNOME 2

gnome-terminal suggests no packages.

-- no debconf information

More information about the Secure-testing-team mailing list