CVE-2024-5148 - Critical Flaw Found in GNOME-Remote-Desktop Package Exposing System RDP TLS Certificate and Key

A recently discovered security vulnerability, dubbed CVE-2024-5148, has the potential to expose the system Remote Desktop Protocol (RDP) Transport Layer Security (TLS) certificate and key due to an issue in the gnome-remote-desktop package. Inadequate validation of session agents is performed by the gnome-remote-desktop system daemon when using D-Bus methods related to transitioning a client connection from the login screen to the user session. This flaw enables a malicious user to gain control of an RDP client connection during that transition.

Exploit Details

The gnome-remote-desktop package is responsible for many RDP connections, both legitimate and potentially malicious, across different systems. The problem resides in the improper handling of the D-Bus methods pertaining to session agents transitioning from the login screen to a user session. Lack of proper validation allows unauthorized users to access the RDP TLS certificate and key, thereby taking control of a user's connection without their knowledge or consent.

Here's a code snippet that highlights the vulnerability

int main()
{
    ...
    agent = g_bus_get_sync (G_BUS_TYPE_SYSTEM, NULL, &error); // Inadequate validation of session agents
    ...
}

How to Exploit

A malicious user can exploit this vulnerability by intercepting the RDP client connection as it transitions from the login screen to the user session. The attacker must first gain access to the system by other means, such as phishing, social engineering, or exploiting another unrelated vulnerability. Once they have access to the system, they can intercept the D-Bus signal exchanged between the daemon and the session agent and exploit the improper validation of session agents to gain access to the RDP TLS certificate and key.

Affected Versions

This vulnerability affects the gnome-remote-desktop package, specifically versions prior to v.1.9.

Mitigation

To mitigate this flaw, users are advised to upgrade their gnome-remote-desktop package to version v.1.9 or later, which includes a patch that fixes the insecure validation of session agents. To update the package, run the following command depending on your distribution:

- Debian-based systems

sudo apt update && sudo apt upgrade gnome-remote-desktop

- Fedora-based systems

sudo dnf upgrade gnome-remote-desktop

The original vulnerability report is available at the following sources

- CVE Details
- GNOME Security Advisory

Stay vigilant, keep your software up-to-date, and spread awareness about this critical vulnerability to ensure the security and integrity of your RDP connections.

Timeline

Published on: 09/02/2024 12:15:19 UTC
Last modified on: 11/28/2024 13:37:19 UTC