linuxmint / muffin

The window management library for the Cinnamon desktop (libmuffin) and its sample WM binary (muffin)
GNU General Public License v2.0

Severe Remote Exploit - Muffin Display Manager Version 5.8.1_x86 #676

Open opsec-research46 opened 11 months ago

opsec-research46 commented 11 months ago

Distribution

Mint 21.1 & Kernel 6.5.8

Package version

Cinnamon 5.8.4

Graphics hardware in use

Intel Xe Graphics 13th Gen Core i7

Frequency

Always

Bug description

  1. Pre-Disclosure: This is a notice of the issue without giving away too many details to attackers. Official CVE submission to follow.

  2. Summary: This report discloses a severe remote exploit in Linux Mint Cinnamon's Muffin display manager version 5.8.1_x86. The exploit allows an attacker to obtain root-level access to the system by flashing high-frequency noise patterns in Perlin noise from a web browser or video, causing an overflow in the memory of window.c. The attacker can then inject data to the viewport using Fourier transform fuzzing.

  3. Vulnerability Description: The vulnerability lies in the window.c process of the Muffin display manager. By exploiting the overflow in the memory of this process, an attacker can inject malicious data to the viewport, leading to remote code execution with root-level privileges.

  4. Attack Scenario: The attacker can initiate the exploit by:

    a. Generating high-frequency noise patterns in Perlin noise from a web browser or video.
    b. Flashing these patterns on the target system, triggering the overflow in the memory of window.c.
    c. Injecting the malicious data to the viewport using Fourier transform fuzzing.
    d. Gaining root-level access to the system and executing arbitrary commands.

  5. Impact: This exploit poses a significant threat to Linux Mint Cinnamon users, as it allows remote attackers to gain full control over their systems. The impact includes:

    • Unauthorized access to sensitive data
    • Installation of malware or backdoors
    • Disruption of system operations

  6. Mitigation: To mitigate this vulnerability, we recommend the following actions:

    • Update Linux Mint Cinnamon to the latest version, which may include patches for this exploit.
    • Disable Internet access.
    • Monitor system logs for any suspicious activity.

  7. Timeline:

    • October 20, 2023: Initial report submitted to the Linux Mint team.
    • October 22, 2023: Linux Mint team acknowledges the report, begins investigating, and begins talks on a path to a bounty in exchange for private disclosure and a potential patch.
    • November 10, 2023: Public disclosure of the exploit and the availability of the patch.

Steps to reproduce

Information to follow.

Expected behavior

Exploit to be resolved.

Additional information

No response

hyder365 commented 10 months ago

did anything happen with this or is it bogus?

DirkHaar commented 10 months ago

Who uses

Why should this problem be restricted to Mint, when it is caused by Cinnamon, and why isn't it reported to Cinnamon?

clefebvre commented 10 months ago

@opsec-research46 who did you contact at Linux Mint?