CVE-2013-4509

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-4509 at MITRE

Description

The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allows physically proximate attackers to obtain a user password by reading the lockscreen.
CVSS v2 Scores
  National Vulnerability Database
Base Score 1.85
Vector AV:L/AC:M/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

SUSE information

SUSE Bugzilla entry: 847718 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 13.1
  • ibus >= 1.5.4-4.1
  • ibus-branding-openSUSE-KDE >= 1.5.4-4.1
  • ibus-chewing >= 1.4.3-4.4.1
  • ibus-chewing-debuginfo >= 1.4.3-4.4.1
  • ibus-debuginfo >= 1.5.4-4.1
  • ibus-debugsource >= 1.5.4-4.1
  • ibus-devel >= 1.5.4-4.1
  • ibus-gtk >= 1.5.4-4.1
  • ibus-gtk-32bit >= 1.5.4-4.1
  • ibus-gtk-debuginfo >= 1.5.4-4.1
  • ibus-gtk-debuginfo-32bit >= 1.5.4-4.1
  • ibus-gtk3 >= 1.5.4-4.1
  • ibus-gtk3-32bit >= 1.5.4-4.1
  • ibus-gtk3-debuginfo >= 1.5.4-4.1
  • ibus-gtk3-debuginfo-32bit >= 1.5.4-4.1
  • ibus-lang >= 1.5.4-4.1
  • ibus-pinyin >= 1.5.0-3.6.1
  • ibus-pinyin-debuginfo >= 1.5.0-3.6.1
  • ibus-pinyin-debugsource >= 1.5.0-3.6.1
  • libibus-1_0-5 >= 1.5.4-4.1
  • libibus-1_0-5-32bit >= 1.5.4-4.1
  • libibus-1_0-5-debuginfo >= 1.5.4-4.1
  • libibus-1_0-5-debuginfo-32bit >= 1.5.4-4.1
  • python-ibus >= 1.5.4-4.1
  • typelib-1_0-IBus-1_0 >= 1.5.4-4.1
Patchnames:
openSUSE-2013-850
openSUSE-2013-939
openSUSE-2014-40