製品・ソフトウェアに関する情報

JVN脆弱性詳細

gnome-shell における入力確認に関する脆弱性

Title	gnome-shell における入力確認に関する脆弱性
Summary	gnome-shell には、入力確認に関する脆弱性が存在します。
Possible impacts	情報を取得される、情報を改ざんされる、およびサービス運用妨害 (DoS) 攻撃が行われる可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	April 26, 2017, midnight
Registration Date	June 2, 2017, 3:46 p.m.
Last Update	June 2, 2017, 3:46 p.m.

Affected System

GNOME Project

GNOME Shell 3.22 から 3.24.1

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2017-8288	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8288
National Vulnerability Database (NVD)
2	CVE-2017-8288	https://nvd.nist.gov/vuln/detail/CVE-2017-8288

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
GitHub
1	extensionSystem: handle reloading broken extensions	https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1
2	Locking Screen sometimes dock and window list will remain in view #46	https://github.com/EasyScreenCast/EasyScreenCast/issues/46
GNOME Bugzilla
3	Bug 781728	https://bugzilla.gnome.org/show_bug.cgi?id=781728

その他

No	Name	URL
関連文書
1	0002513: Lockscreen doesn't always hide the menus and the dock	https://bugs.kali.org/view.php?id=2513

Change Log

No	Changed Details	Date of change
0	[2017年06月02日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2017-8288

Summary	gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to reload, which can lead to leaving extensions enabled in the lock screen. With these extensions, a bystander could launch applications (but not interact with them), see information from the extensions (e.g., what applications you have opened or what music you were playing), or even execute arbitrary commands. It all depends on what extensions a user has enabled. The problem is caused by lack of exception handling in js/ui/extensionSystem.js.
Publication Date	April 27, 2017, 9:59 a.m.
Registration Date	Jan. 26, 2021, 1:29 p.m.
Last Update	Nov. 21, 2024, 12:33 p.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://www.securityfocus.com/bid/98070	Third Party Advisory VDB Entry
2	http://www.securityfocus.com/bid/98070	Third Party Advisory VDB Entry
3	https://bugs.kali.org/view.php?id=2513	Issue Tracking
4	https://bugs.kali.org/view.php?id=2513	Issue Tracking
5	https://bugzilla.gnome.org/show_bug.cgi?id=781728	Issue Tracking
6	https://bugzilla.gnome.org/show_bug.cgi?id=781728	Issue Tracking
7	https://github.com/EasyScreenCast/EasyScreenCast/issues/46	Third Party Advisory
8	https://github.com/EasyScreenCast/EasyScreenCast/issues/46	Third Party Advisory
9	https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1	Issue Tracking Patch Third Party Advisory
10	https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1	Issue Tracking Patch Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html