A flaw exists in ibus in versions prior to 1.5.22 that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
ibus project ibus |
||
redhat enterprise linux 7.0 |
||
redhat enterprise linux 8.0 |
||
canonical ubuntu linux 18.04 |
||
canonical ubuntu linux 19.10 |
||
canonical ubuntu linux 16.04 |
||
oracle zfs storage appliance kit 8.8 |