CVE-2024-5148: GNOME Remote Desktop Vulnerability Exposes Sensitive Information
Security researcher Matthias Gerstner has discovered a critical vulnerability (CVE-2024-5148) in GNOME Remote Desktop versions 46.0 and 46.1, potentially exposing sensitive information and allowing unauthorized access to remote desktop sessions.
gnome-remote-desktop offers remote access to graphical user sessions via VNC or RDP (Microsoft Remote Desktop) protocols. Before version 46, it was used solely within existing graphical user sessions. Starting with version 46, a system daemon was introduced, enabling remote graphical sessions through the GNOME Display Manager (GDM). This daemon runs under a dedicated user, “gnome-remote-desktop,” and interacts with GDM via a D-Bus interface.
The vulnerability stems from an unauthenticated D-Bus interface, which allows any local user to intercept private SSL keys, system credentials, and even obtain the socket connection of an RDP client in handover state. This could lead to
- Local Private Key Leak
The system daemon stores public SSL certificates and corresponding private keys in “/var/lib/gnome-remote-desktop/.local/share/gnome-remote-desktop/certificates,” with restricted access. Despite this, any local user can intercept the private SSL key via the StartHandover D-Bus function. This unauthorized access compromises the integrity and privacy of RDP connections on the system.
- System Credentials Leak
Local attackers can obtain shared system credentials in cleartext by calling the unauthenticated GetSystemCredentials() D-Bus method. These credentials allow the attacker to connect to the display manager via RDP, potentially accessing sessions if features like automatic login are enabled.
- Socket Connection Hijacking
The Handover.TakeClient() D-Bus method allows any local user to obtain the file descriptor for the RDP client in handover state, leading to possible denial-of-service (DoS) attacks or the setup of a crafted RDP session.
The impact of the CVE-2024-5148 vulnerability is significant, as it can compromise the integrity and privacy of RDP connections on affected systems. Organizations and individuals using GNOME Remote Desktop versions 46.0 or 46.1 are strongly advised to update to version 46.2 or later immediately. The bug fix in version 46.2 restricts access to the handover interface to the authorized user, mitigating the risk of unauthorized access.
