PT-2019-3286 · Freedesktop.Org+5 · Dbus Cookie Sha1+9
Joe Vennix
·
Published
2019-05-28
·
Updated
2026-02-13
·
CVE-2019-12749
CVSS v3.1
7.1
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
dbus versions prior to 1.10.28, 1.12.x prior to 1.12.16, and 1.13.x prior to 1.13.12
Description
The issue lies in the reference implementation of the DBUS_COOKIE_SHA1 authentication mechanism in the libdbus library, as used by DBusServer in Canonical Upstart on Ubuntu 14.04 (and in some less common dbus-daemon configurations); only the DBUS_COOKIE_SHA1 mechanism is affected. A malicious client with write access to its own home directory could replace ~/.dbus-keyrings with a symlink, causing a DBusServer running under a different uid to follow it and read and write cookie files in an attacker-chosen location. In the worst case the DBusServer reuses a cookie already known to the malicious client and treats that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, bypassing authentication.
Recommendations
For dbus versions prior to 1.10.28, update to version 1.10.28 or later.
For dbus 1.12.x prior to 1.12.16, update to version 1.12.16 or later.
For dbus 1.13.x prior to 1.13.12, update to version 1.13.12 or later.
As a temporary workaround, configure affected DBusServer instances not to offer DBUS_COOKIE_SHA1 (for dbus-daemon, restrict the permitted mechanisms with an <auth>EXTERNAL</auth> element in the bus configuration); EXTERNAL authentication over Unix sockets is not affected. Restricting access to ~/.dbus-keyrings is not an effective mitigation, since the directory lives in the malicious client's own home directory.
Fix
Link Following
Improper Authentication
Related identifiers
Affected products
Alt Linux
Centos
Dbus Cookie Sha1
Dbusserver
Red Hat
Suse
Ubuntu
Upstart
Dbus
Libdbus