Main Vulnerability Database Vulnerabilities #VU18791

Permissions, Privileges, and Access Controls in gvfs - CVE-2019-12795

Published: June 13, 2019

Vulnerability identifier: #VU18791

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-12795

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Gnome Development Team

Affected software:
gvfs

Detailed vulnerability description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to the daemon/gvfsdaemon.c opened a private D-Bus server socket without configuring an authorization rule. A local attacker can connect to this server socket and issue D-Bus method calls.

How to mitigate CVE-2019-12795

Install updates from vendor's website.

Sources

https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f
https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe

Permissions, Privileges, and Access Controls in gvfs - CVE-2019-12795

Detailed vulnerability description

How to mitigate CVE-2019-12795

Sources

Please verify you're human