CVE-2019-12795

Published: Jun 11, 2019Modified: Nov 21, 2024

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

Affected (3)

Products: Gnome: Gvfs

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Gnome Gvfs	Before 1.38.3
Gnome Gvfs	From 1.40.0 to 1.40.2
Gnome Gvfs	From 1.41.0 to 1.41.3

Related CWEs

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (22)

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/108741

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2019:3553

Source: cve@mitre.org

https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a

Source: cve@mitre.org

PatchVendor Advisory

https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f

Source: cve@mitre.org

PatchVendor Advisory

https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe

Source: cve@mitre.org

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/

Source: cve@mitre.org

https://usn.ubuntu.com/4053-1/

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/108741

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2019:3553

Source: af854a3a-2127-422b-91ae-364da2661108

https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/

Source: af854a3a-2127-422b-91ae-364da2661108

https://usn.ubuntu.com/4053-1/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.