CVE-2022-1736 - How Ubuntu’s Gnome Remote Desktop Configuration Opened Doors
In the world of Linux, security is a high priority, but sometimes even top systems slip up. In 2022, a security issue—CVE-2022-1736—exposed Ubuntu users to unexpected risk via a default setting. For many users, this meant their desktops could be shared remotely without knowing, all because of how Ubuntu configured its GNOME Control Center.
Let’s break down what happened, see how it could be exploited, and what you can do to protect your system.
What is CVE-2022-1736?
CVE-2022-1736 is a vulnerability found in the way Ubuntu packaged the GNOME Control Center (gnome-control-center). Specifically, it allowed the Remote Desktop Sharing feature to be enabled by default on some flavors of Ubuntu. This feature, part of GNOME's “Sharing” settings, lets anyone connect to your desktop over the network if they know your IP. Usually, this should be turned off unless you set it up yourself.
Why is this such a big deal?
If Remote Desktop Sharing is on, a hacker on the same network can connect to your computer. If you haven’t set up a strong password or changed the default settings, it’s possible for an attacker to see your screen, move your mouse, or even control your PC.
The Vulnerability: How It Happened
Normally, when you install Linux with GNOME, you have to turn on the sharing feature by yourself. With this Ubuntu-specific configuration, Remote Desktop Sharing could be on even if a user never touched those settings!
This was largely due to a packaging mistake specific to Ubuntu’s version of the gnome-control-center around version 3.36.x. The code responsible for enabling sharing was triggered automatically, skipping the usual user approval prompt.
Reference
- Launchpad Bug #1966665
- Ubuntu Security Notice USN-5442-1
Exploit Details: How Could It Be Abused?
Let’s say you’re using Ubuntu and connected to Wi-Fi in a coffee shop, library, or office. Without you realizing it, your machine’s desktop is broadcast across the local network. Anyone can scan for available remote desktops using simple network tools.
Here’s how an attacker could find an open Ubuntu system with remote desktop sharing enabled:
# Scan for VNC servers (default port 5900, used by GNOME remote desktop)
nmap -p 5900 --open 192.168.1.0/24
If scanning shows open ports, an attacker could use a tool like vinagre, remmina, or the classic vncviewer to connect:
vncviewer 192.168.1.42:
If the desktop sharing was enabled with no password set (the default on some configurations), the attacker gets instant access.
Want to check if Desktop Sharing is enabled on your system? Run this:
# Check if the remote desktop service is running
systemctl --user status gnome-remote-desktop
# Check if any 'Sharing' settings are enabled
gsettings get org.gnome.Vino require-encryption
gsettings get org.gnome.Vino enabled
If any of these show "true" or return open ports (ss -tlnp | grep 5900), your computer could be vulnerable.
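The listening-port check above, as an added example that is not part of the original article: a plain grep over ss output also matches unrelated ports and PIDs and cannot tell a loopback-only bind from one reachable over the network, so this script parses the local address column instead. The function names and the sample socket lines are constructed for illustration; the unit name and port are the ones the article uses.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): list network-reachable VNC listeners.

# Constructed `ss -H -tln` output for the offline demo; not captured from a real host.
SAMPLE_SS='LISTEN 0 5 0.0.0.0:5900 0.0.0.0:*
LISTEN 0 5 [::]:5900 [::]:*
LISTEN 0 128 127.0.0.1:631 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
LISTEN 0 128 0.0.0.0:59000 0.0.0.0:*'

# Reads `ss -H -tln` lines on stdin and prints each local address that listens
# on exactly the given port (default 5900) and is not bound to loopback only.
exposed_listeners() {
  awk -v want="${1:-5900}" '$1 == "LISTEN" {
    addr = $4
    n = split(addr, parts, ":")
    port = parts[n]                                 # text after the last colon
    host = substr(addr, 1, length(addr) - length(port) - 1)
    if (port != want) next                          # exact match, so 59000 is skipped
    if (host ~ /^127\./ || host == "[::1]") next    # loopback is not reachable remotely
    print addr
  }'
}

# Reads the same input and prints one EXPOSED line per finding, or a single OK line.
report() {
  found=$(exposed_listeners "${1:-5900}")
  if [ -n "$found" ]; then
    printf '%s\n' "$found" | sed 's/^/EXPOSED: /'
  else
    echo "OK: no network-reachable listener on port ${1:-5900}"
  fi
}

if [ "${1:-}" = "--live" ]; then
  ss -H -tln | report                                      # audit this host
  systemctl --user is-active gnome-remote-desktop || true  # prints active/inactive
else
  printf '%s\n' "$SAMPLE_SS" | report                      # offline demo on the sample
fi
```

Run it with --live to audit the current machine; without arguments it only processes the constructed sample.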
Fixing the Problem: Patch and Prevent
Ubuntu patched this issue quickly—if you update your system, you're protected. To be sure, update via:
sudo apt update
sudo apt upgrade
Then, double-check your sharing settings in Settings > Sharing and make sure “Screen Sharing” is OFF unless you want to use it.
For advanced users, you can also disable the service entirely:
systemctl --user stop gnome-remote-desktop
systemctl --user disable gnome-remote-desktop
Final Thoughts
CVE-2022-1736 is a strong reminder that even secure systems can have dangerous defaults. If you use Ubuntu or any GNOME-based desktop, always check your sharing settings—especially after installation. A few clicks can make all the difference between privacy and public display.
Timeline
Published on: 01/31/2025 02:15:28 UTC
Last modified on: 02/07/2025 16:15:33 UTC