#VU18658 Permissions, Privileges, and Access Controls in Gnome GLib - CVE-2019-12450
Published: June 3, 2019
Vulnerability identifier: #VU18658
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-12450
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Gnome GLib
Gnome GLib
Software vendor:
Gnome Development Team
Gnome Development Team
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the application applies default directory permissions to files while copying them in file_copy_fallback() function in gio/gfile.c. A local user can interfere with the copying operation and gain access to otherwise restricted files, as the application applies correct access permissions after the file was copied only.
Such application behavior allows a local user to access potentially sensitive data or modify file contents in case directory permissions that were applied to the file allow such operations.
Remediation
Install updates from vendor's website.