Vulnerability CVE-2019-12795


Published: 2019-06-11

Description:
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

Type:

CWE-285

(Improper Authorization)

Vendor: Gnome
Product: GVFS 
Version:
1.9.5
1.9.4
1.9.3
1.9.2
1.9.1
1.9.0
1.8.2
1.8.1
1.8.0
1.7.3
1.7.2
1.7.1
1.7.0
1.6.7
1.6.6
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.5
1.5.4
1.5.3
1.5.2
1.5.1
1.41.2
1.41.1
1.40.0
1.4.3
1.4.2
1.4.1
1.4.0
1.38.2
1.38.1
1.38.0
1.37.92
1.37.91
1.37.90
1.37.4
1.37.2
1.37.1
1.36.3
1.36.2
1.36.1
1.36.0
1.35.92
1.35.91
1.35.90
1.35.4
1.35.3
1.35.2
1.35.1
1.34.2.1
1.34.2
1.34.1
1.34.0
1.33.92
1.33.91
1.33.90
1.33.3
1.33.1
1.32.2
1.32.1
1.32.0
1.31.92
1.31.91
1.31.90
1.31.4
1.31.3
1.31.2
1.31.1
1.30.4
1.30.3
1.30.2
1.30.1.1
1.30.1
1.30.0
1.3.6
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.29.92
1.29.91
1.29.90
1.29.4
1.29.3
1.29.2
1.29.1
1.28.4
1.28.3
1.28.2
1.28.1
1.28.0
1.27.92
1.27.91
1.27.90
1.27.4
See more versions on NVD

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.6/10
6.4/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.securityfocus.com/bid/108741
https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f
https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe
https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html

Related CVE
CVE-2019-1010006
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer ov...
CVE-2019-13012
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.59.1 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CRE...
CVE-2019-12450
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-12449
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges...
CVE-2019-12448
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
CVE-2019-12447
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
CVE-2019-11460
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters ...
CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIF...

Copyright 2019, cxsecurity.com

 

Back to Top