Main Vulnerability Database Vulnerabilities #VU17775

Security restrictions bypass in gvfs - CVE-2019-3827

Published: February 19, 2019

Vulnerability identifier: #VU17775

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-3827

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Gnome Development Team

Affected software:
gvfs

Detailed vulnerability description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to incorrect permission check in the admin backend. A local attacker can run malicious programs under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge.

How to mitigate CVE-2019-3827

Install updates from vendor's website.

Sources

https://gitlab.gnome.org/GNOME/gvfs/issues/355

Security restrictions bypass in gvfs - CVE-2019-3827

Detailed vulnerability description

How to mitigate CVE-2019-3827

Sources

Please verify you're human