Vulnerability CVE-2019-3827


Published: 2019-03-25

Description:
An incorrect permission check was found in the admin backend in gvfs before version 1.39.4. It allows privileged users to read and modify arbitrary files without being asked for a password when no authentication agent is running. Malicious programs running with the privileges of a user in the wheel group can exploit this vulnerability to escalate their privileges further by modifying system files without the user's knowledge. Successful exploitation requires an uncommon system configuration.

Type: CWE-275 (Permission Issues)

Vendor: Gnome
Product: GVFS 
Version:
1.9.5
1.9.4
1.9.3
1.9.2
1.9.1
1.9.0
1.8.2
1.8.1
1.8.0
1.7.3
1.7.2
1.7.1
1.7.0
1.6.7
1.6.6
1.6.5
1.6.4
1.6.3
1.6.2
1.6.1
1.6.0
1.5.5
1.5.4
1.5.3
1.5.2
1.5.1
1.4.3
1.4.2
1.4.1
1.4.0
1.39.3
1.39.1
1.38.2
1.38.1
1.38.0
1.37.92
1.37.91
1.37.90
1.37.4
1.37.2
1.37.1
1.36.3
1.36.2
1.36.1
1.36.0
1.35.92
1.35.91
1.35.90
1.35.4
1.35.3
1.35.2
1.35.1
1.34.2.1
1.34.2
1.34.1
1.34.0
1.33.92
1.33.91
1.33.90
1.33.3
1.33.1
1.32.2
1.32.1
1.32.0
1.31.92
1.31.91
1.31.90
1.31.4
1.31.3
1.31.2
1.31.1
1.30.4
1.30.3
1.30.2
1.30.1.1
1.30.1
1.30.0
1.3.6
1.3.5
1.3.4
1.3.3
1.3.2
1.3.1
1.29.92
1.29.91
1.29.90
1.29.4
1.29.3
1.29.2
1.29.1
1.28.4
1.28.3
1.28.2
1.28.1
1.28.0
1.27.92
1.27.91
1.27.90
1.27.4
1.27.3
See more versions on NVD

CVSS2 => (AV:L/AC:M/Au:N/C:P/I:P/A:N)

CVSS Base Score: 3.3/10
Impact Subscore: 4.9/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: None

References:
https://access.redhat.com/errata/RHSA-2019:1517
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827
https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31

Related CVE
CVE-2019-3890
It was discovered evolution-ews before 3.31.3 does not check the validity of SSL certificates. An attacker could abuse this flaw to get confidential information by tricking the user into connecting to a fake server without the user noticing the diffe...
CVE-2019-1010006
Evince 3.26.0 is affected by buffer overflow. The impact is: DOS / Possible code execution. The component is: backend/tiff/tiff-document.c. The attack vector is: Victim must open a crafted PDF file. The issue occurs because of an incorrect integer ov...
CVE-2019-13012
The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CRE...
CVE-2019-12795
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue ...
CVE-2019-12450
file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.
CVE-2019-12449
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges...
CVE-2019-12448
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write.
CVE-2019-12447
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.

Copyright 2019, cxsecurity.com