Vulnerability CVE-2019-12795


Published: 2019-06-11

Description:
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

Type: CWE-285 (Improper Authorization)

Vendor: Gnome
Product: GVFS 
Version:
1.9.5
1.9.4
1.9.3
1.9.2
1.9.1
1.9.0
1.8.2
1.8.1
1.8.0
1.7.3
1.7.2
1.7.1
1.7.0
1.6.7
1.6.6
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.5
1.5.4
1.5.3
1.5.2
1.5.1
1.41.2
1.41.1
1.40.0
1.4.3
1.4.2
1.4.1
1.4.0
1.38.2
1.38.1
1.38.0
1.37.92
1.37.91
1.37.90
1.37.4
1.37.2
1.37.1
1.36.3
1.36.2
1.36.1
1.36.0
1.35.92
1.35.91
1.35.90
1.35.4
1.35.3
1.35.2
1.35.1
1.34.2.1
1.34.2
1.34.1
1.34.0
1.33.92
1.33.91
1.33.90
1.33.3
1.33.1
1.32.2
1.32.1
1.32.0
1.31.92
1.31.91
1.31.90
1.31.4
1.31.3
1.31.2
1.31.1
1.30.4
1.30.3
1.30.2
1.30.1.1
1.30.1
1.30.0
1.3.6
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.29.92
1.29.91
1.29.90
1.29.4
1.29.3
1.29.2
1.29.1
1.28.4
1.28.3
1.28.2
1.28.1
1.28.0
1.27.92
1.27.91
1.27.90
1.27.4
See more versions on NVD

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 4.6/10
Impact Subscore: 6.4/10
Exploitability Subscore: 3.9/10
Exploit range: Local
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

References:
http://www.securityfocus.com/bid/108741
https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f
https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe
https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html

Related CVE
CVE-2019-12450
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-12449
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges...
CVE-2019-12448
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
CVE-2019-12447
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
CVE-2019-11460
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters ...
CVE-2019-11459
The tiff_document_render() and tiff_document_get_thumbnail() functions in the TIFF document backend in GNOME Evince through 3.32.0 did not handle errors from TIFFReadRGBAImageOriented(), leading to uninitialized memory use when processing certain TIF...
CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can ...
CVE-2019-9633
gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mis...

Copyright 2019, cxsecurity.com

 
