Incorrect default permissions in Gnome GLib

#VU18944 Incorrect default permissions in Gnome GLib

Published: 2019-06-29

Vulnerability identifier: #VU18944

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-13012

CWE-ID: CWE-276

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Gnome GLib
Universal components / Libraries / Libraries used by multiple products

Vendor: Gnome Development Team

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local user with access to the system can view contents of files and directories or modify them.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Gnome GLib: 2.56.0 - 2.59.0

CPE

cpe:2.3:a:gnome:glib:2.59.0:*:*:*:*:*:*:*

External links
http://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429
http://gitlab.gnome.org/GNOME/glib/issues/1658
http://gitlab.gnome.org/GNOME/glib/merge_requests/450

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?

Latest bulletins with this vulnerability

Multiple vulnerabilities in Dell EMC Unity Family, Dell EMC Unity XT Family

Multiple vulnerabilities in IBM Cloud Pak for Security

Multiple vulnerabilities in IBM Security Verify Access

Multiple vulnerabilities in Red Hat Web Terminal

Red Hat Enterprise Linux 8 update for GNOME

Red Hat update for .NET Core on Red Hat Enterprise Linux

OpenSUSE Linux update for glib2

Insecure permissions for files and folders in Gnome Glib