[Secure-testing-team] Bug#677418: gpm shares its clipboard among different users
Christoph Anton Mitterer
calestyo at scientia.net
Wed Jun 13 20:41:12 UTC 2012
Package: gpm
Version: 1.20.4-6
Severity: grave
Tags: security upstream
Justification: user security hole
Hi.
Not sure whether noone has noticed this so far, but it seems to be worth
a CVE, IMHO.
As one can easily test, gpm uses one clip-board space for all users (including
root).
So if any of them marks anything sensitive, a following user can gather
this information.
Cheers,
Chris.
More information about the Secure-testing-team
mailing list