#VU18678 Permissions, Privileges, and Access Controls in gvfs - CVE-2019-12447

Cybersecurity Help s.r.o.

Published: 2019-06-05 | Updated: 2019-06-13

Vulnerability identifier: #VU18678

Vulnerability risk: Critical

CVSSv4.0: 8.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red]

CVE-ID: CVE-2019-12447

CWE-ID: CWE-264

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
gvfs
Client/Desktop applications / Other client software

Vendor: Gnome Development Team

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to functionality in the daemon/gvfsbackendadmin.c file doesn't make use of "setfsuid" call when handling ownership permissions. A remote attacker can gain unauthorized access to arbitrary files on a system.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

As a temporary solution we recommend to install the software updates at the following links:

https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d

https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959

Vulnerable software versions

gvfs: 1.29.4 - 1.41.2

External links
https://gitlab.gnome.org/GNOME/gvfs/commit/3895e09d784ebec0fbc4614d5c37068736120e1d
https://gitlab.gnome.org/GNOME/gvfs/commit/daf1163aba229afcfddf0f925aef7e97047e8959

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat Enterprise Linux 8 update for GNOME

Permissions, Privileges, and Access Controls in gvfs (Alpine package)

Fedora 29 update for gvfs

Fedora 30 update for gvfs

OpenSUSE Linux update for gvfs