Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-12795

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

Published

2019-06-11T22:29:06.560

Last Modified

2024-11-21T04:23:35.817

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-276

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnome	gvfs	< 1.38.3	Yes
Application	gnome	gvfs	< 1.40.2	Yes
Application	gnome	gvfs	< 1.41.3	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html ([email protected])
http://www.securityfocus.com/bid/108741 ([email protected])
https://access.redhat.com/errata/RHSA-2019:3553 ([email protected])
https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a Patch, Vendor Advisory ([email protected])
https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f Patch, Vendor Advisory ([email protected])
https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe Patch, Vendor Advisory ([email protected])
https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/ ([email protected])
https://usn.ubuntu.com/4053-1/ ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/108741 (af854a3a-2127-422b-91ae-364da2661108)
https://access.redhat.com/errata/RHSA-2019:3553 (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/ (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/4053-1/ (af854a3a-2127-422b-91ae-364da2661108)