Permissions, Privileges, and Access Controls in gvfs (Alpine package)
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2019-12795 |
| CWE-ID | CWE-264 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
gvfs (Alpine package) Operating systems & Components / Operating system package or component |
| Vendor | Alpine Linux Development Team |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU18791
Risk: Low
CVSSv4.0: 0.4 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2019-12795
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to escalate privileges on the system.
The vulnerability exists due to the daemon/gvfsdaemon.c opened a private D-Bus server socket without configuring an authorization rule. A local attacker can connect to this server socket and issue D-Bus method calls.
MitigationInstall update from vendor's website.
Vulnerable software versionsgvfs (Alpine package): 1.34.1-r0
CPE2.3 External linkshttps://git.alpinelinux.org/aports/commit/?id=0c012f09fb2eecc434fec5eab8c7ca78095c950a
https://git.alpinelinux.org/aports/commit/?id=948e97dea02e32af012be430d5f87345a6263d46
https://git.alpinelinux.org/aports/commit/?id=fe8e3f960f8c6ccd7df3b8175b21a261be8fc006
https://git.alpinelinux.org/aports/commit/?id=5c7126a9f9c0fa81ccbcb651ea056d1c02540fbe
https://git.alpinelinux.org/aports/commit/?id=60a89bb75d82e71f7b44cc05bf8f024f66ddfd23
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
