This bug was fixed in the package gnome-control-center -
1:41.4-1ubuntu13.2
---------------
gnome-control-center (1:41.4-1ubuntu13.2) jammy-security; urgency=medium

  * Add patches to turn off RDP & VNC gsettings keys when turning off
    Remote Desktop Sharing (LP: #1971415)
    - CVE-2022-1736

 -- Jeremy Bicha <[email protected]>  Wed, 18 May 2022 08:52:00 -0400

** Changed in: gnome-control-center (Ubuntu Jammy)
Status: Confirmed => Fix Released
https://bugs.launchpad.net/bugs/1971415
Title:
Remote desktop is automatically enabled after login
Status in gnome-control-center package in Ubuntu:
Fix Released
Status in gnome-control-center source package in Jammy:
Fix Released
Bug description:
Details:
Turning off RDP Remote Desktop Sharing with gnome-control-center would only
turn off RDP sharing for the current session. Upon logging back in, RDP Sharing
would be enabled again without any additional user interaction or notification.
Other Info:
As mentioned in the comments at
https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1825
this issue could have been avoided if Ubuntu's gnome-remote-desktop didn't
keep the systemd user service always running. I do intend to fix that issue
also but it is a more complicated fix. I think it will require a maintainer
script to remove the automatic conffiles added by dh. I will do the
gnome-remote-desktop bugfix as a normal non-security SRU.
Original Bug Report:
If I disable sharing/remote desktop in GNOME Control Center, then log out and
back in, it is automatically enabled again. I report this as a security
vulnerability because remote desktop is enabled without the user's knowledge.
Software versions:
- Ubuntu 22.04
- gnome-remote-desktop 42.0-4ubuntu1
- gnome-control-center 1:41.4-1ubuntu13
Steps to reproduce:
1. Start with Remote Desktop enabled. "systemctl --user status
gnome-remote-desktop.service" reports "active (running)".
2. Disable Remote Desktop in Control Center. systemctl reports "inactive
(dead)".
3. Log out and back in.
4. Open Control Center. Remote Desktop is enabled again. systemctl reports
"active (running)".
Expected behavior:
Remote Desktop should stay disabled upon the new login.
Actual behavior:
Remote Desktop was automatically enabled again.
Previous discussion:
https://gitlab.gnome.org/GNOME/gnome-control-center/-/issues/1775#note_1443319
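The check from the steps to reproduce, as a script to run after step 2 and again after step 4; this is an added example, not part of the bug report or the Ubuntu patch. The schema names org.gnome.desktop.remote-desktop.rdp and .vnc with their "enable" key are assumed from gnome-remote-desktop 42 (the changelog only says "RDP & VNC gsettings keys"), and the verdict words are invented for this example.

```shell
#!/bin/sh
# Added example: decide whether Remote Desktop is really off, or only stopped
# for the current session with its settings still switched on.
# Assumed names (not given on the page): the two schemas and the "enable" key.
RDP_SCHEMA=org.gnome.desktop.remote-desktop.rdp
VNC_SCHEMA=org.gnome.desktop.remote-desktop.vnc
UNIT=gnome-remote-desktop.service

# classify_rd RDP_ENABLE VNC_ENABLE UNIT_STATE
# Prints one verdict word:
#   enabled       a protocol is on and the user service is running
#   stale-keys    service is stopped but a protocol is still on in gsettings,
#                 so sharing resumes whenever the service is started again
#   service-only  service is running but neither protocol is on
#   disabled      both protocols off and service not running
#   unknown       a key could not be read as true/false
classify_rd() {
    rdp=$1; vnc=$2; unit=$3
    case "$rdp:$vnc" in
        false:false)   keys=off ;;
        true:*|*:true) keys=on ;;
        *)             echo unknown; return 0 ;;
    esac
    case "$keys:$unit" in
        on:active)  echo enabled ;;
        on:*)       echo stale-keys ;;
        off:active) echo service-only ;;
        off:*)      echo disabled ;;
    esac
}

# Read the live values for the current user and report them.
# Returns 0 only when the verdict is "disabled".
check_remote_desktop() {
    rdp=$(gsettings get "$RDP_SCHEMA" enable 2>/dev/null) || rdp=unknown
    vnc=$(gsettings get "$VNC_SCHEMA" enable 2>/dev/null) || vnc=unknown
    # is-active exits non-zero for "inactive" but still prints the state
    unit=$(systemctl --user is-active "$UNIT" 2>/dev/null) || true
    verdict=$(classify_rd "$rdp" "$vnc" "${unit:-unknown}")
    echo "rdp=$rdp vnc=$vnc unit=${unit:-unknown} => $verdict"
    [ "$verdict" = disabled ]
}
```

Call check_remote_desktop from a terminal in the affected user's session. A "stale-keys" result right after disabling sharing in Control Center is the condition the changelog entry addresses by turning the keys off as well.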