CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-12795 – gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd
https://notcve.org/view.php?id=CVE-2019-12795
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) daemon/gvfsdaemon.c in gvfsd from GNOME gvfs anterior 1.38.3, 1.40.x anterior 1.40.2, y 1.41.x anterior 1.41.3 abrió un socket de servidor en D-Bus privado, sin configurar una regla de autorización. Un atacante local podría conectarse a esta toma de servidor y generar llamadas de tipo D-Bus. (tener en cuenta que la toma de servidor solo acepta una única conexione, así el atacante podría tener que descubrir el servidor y conectarse al socket antes que su propio propietario lo haga. " • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html http://www.securityfocus.com/bid/108741 https://access.redhat.com/errata/RHSA-2019:3553 https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe https://lists.debian.org/debian-lts-announc • CWE-276: Incorrect Default Permissions CWE-285: Improper Authorization •
CVSS: 5.7EPSS: 0%CPEs: 9EXPL: 0CVE-2019-12449 – gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges
https://notcve.org/view.php?id=CVE-2019-12449
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable. Fue encontrado un problema en GNOME gvfs versión 1.29.4 hasta la 1.41.2. El archivo daemon/gvfsbackendadmin.c maneja incorrectamente la propiedad de un usuario de archivo y grupo durante un movimiento (y copia con G_FILE_COPY_ALL_METADATA) operaciones de admin:// hacia file:// URIs, porque los privilegios root no están disponibles. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html http://www.openwall.com/lists/oss-security/2019/07/09/3 https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2& • CWE-282: Improper Ownership Management CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 8.1EPSS: 3%CPEs: 1EXPL: 0CVE-2019-12448 – gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing query_info_on_read/write
https://notcve.org/view.php?id=CVE-2019-12448
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c has race conditions because the admin backend doesn't implement query_info_on_read/write. Fue encontrado un problema en GNOME gvfs versión 1.29.4 hasta la 1.41.2. El archivo daemon/gvfsbackendadmin.c tiene condiciones de carrera porque el backend de administrador no ejecuta query_info_on_read/write. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html http://www.openwall.com/lists/oss-security/2019/07/09/3 https://gitlab.gnome.org/GNOME/gvfs/commit/764e9af7522e3096c0f44613c330377d31c9bbb5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2& • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-364: Signal Handler Race Condition •
CVSS: 7.3EPSS: 0%CPEs: 9EXPL: 0CVE-2019-12447 – gvfs: mishandling of file ownership in daemon/gvfsbackendadmin.c
https://notcve.org/view.php?id=CVE-2019-12447
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. Fue encontrado un problema en GNOME gvfs versión 1.29.4 hasta la 1.41.2. El archivo daemon/gvfsbackendadmin.c maneja incorrectamente la propiedad de archivo porque no es usado setfsuid. It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. • http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html http://www.openwall.com/lists/oss-security/2019/07/09/3 https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2& • CWE-282: Improper Ownership Management •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-3827 – gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
https://notcve.org/view.php?id=CVE-2019-3827
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration. Se ha encontrado una comprobación de permiso incorrecta en el backend de administrador en gvfs, en versiones anteriores a la 1.39.4, que permite la lectura y la modificación de archivos arbitrarios por parte de usuarios privilegiados sin que se pida la contraseña cuando no se está ejecutando ningún agente de autenticación. La vulnerabilidad puede ser explotada por programas maliciosos que se ejecutan bajo privilegios de usuarios pertenecientes al grupo wheel para escalar los privilegios modificando los archivos de sistema sin que el usuario lo sepa. • https://access.redhat.com/errata/RHSA-2019:1517 https://access.redhat.com/errata/RHSA-2019:2145 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827 https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31 https://access.redhat.com/security/cve/CVE-2019-3827 https://bugzilla.redhat.com/show_bug.cgi?id=1665578 • CWE-863: Incorrect Authorization •