PT-2019-2631 · Gnome+7 · Gnome Gvfs+7

Malte Kraus

Publicado

2019-05-29

Atualizado

2024-06-15

CVE-2019-12449

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GNOME gvfs versions 1.29.4 through 1.41.2

Description The issue is related to the mishandling of a file's user and group ownership during move and copy operations from admin:// to file:// URIs in the daemon/gvfsbackendadmin.c component of the GVFS subsystem in GNOME. This is due to the unavailability of root privileges. The vulnerability may allow a remote attacker to impact the integrity, confidentiality, and availability of protected information when copying files using G FILE COPY ALL METADATA.

Recommendations For versions 1.29.4 through 1.41.2, consider restricting the use of the daemon/gvfsbackendadmin.c component until a patch is available, especially when performing operations involving admin:// and file:// URIs. Avoid using the G FILE COPY ALL METADATA option for copying files between these URIs to minimize the risk of exploitation.

Correção

Improper Handling of Exceptional Conditions

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-275CWE-755

Identificadores relacionados

ALSA-2020:1766

ALT-PU-2019-2363

ALT-PU-2019-2406

ALT-PU-2019-2783

BDU:2019-02516

CESA-2020_1766

CVE-2019-12449

MGASA-2019-0214

OPENSUSE-SU-2019:1697-1

OPENSUSE-SU-2019:1699-1

OPENSUSE-SU-2019_1697-1

OPENSUSE-SU-2019_1699-1

OPENSUSE-SU-2024:10838-1

RHSA-2020:1766

RHSA-2020_1766

RLSA-2020:1766

SUSE-SU-2019:1717-1

USN-4053-1

Produtos afetados

Alt Linux

Almalinux

Centos

Gnome Gvfs

Red Hat

Rocky Linux

Suse

Ubuntu

PT-2019-2631 · Gnome+7 · Gnome Gvfs+7

CVE-2019-12449

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 149