Vulnerabilities > CVE-2019-12450 - Incorrect Default Permissions vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.

Vulnerable Configurations

Part Description Count
Application
Gnome
298
OS
Debian
1
OS
Redhat
11
OS
Canonical
6
OS
Opensuse
1
OS
Fedoraproject
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Accessing Functionality Not Properly Constrained by ACLs
    In applications, particularly web applications, access to functionality is mitigated by the authorization framework, whose job it is to map ACLs to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application or can run queries for data that he is otherwise not supposed to.
  • Directory Indexing
    An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Web Logs Tampering
    Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.

Nessus

  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1596-1.NASL
    descriptionThis update for glib2 fixes the following issues : Security issues fixed : CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). CVE-2018-16428: Avoid a NULL pointer dereference (bsc#1107121). CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Some exploitable parser bugs in GVariant and GDBus subsystems were fixed (bsc#1111499). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126152
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126152
    titleSUSE SLES12 Security Update : glib2 (SUSE-SU-2019:1596-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from SUSE update advisory SUSE-SU-2019:1596-1.
    # The text itself is copyright (C) SUSE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(126152);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2018-16428", "CVE-2018-16429", "CVE-2019-12450");
    
      script_name(english:"SUSE SLES12 Security Update : glib2 (SUSE-SU-2019:1596-1)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SUSE host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This update for glib2 fixes the following issues :
    
    Security issues fixed :
    
    CVE-2019-12450: Fixed an improper file permission when copy operation
    takes place (bsc#1137001).
    
    CVE-2018-16428: Avoid a NULL pointer dereference (bsc#1107121).
    
    CVE-2018-16429: Fixed out-of-bounds read vulnerability
    ing_markup_parse_context_parse() (bsc#1107116).
    
    Some exploitable parser bugs in GVariant and GDBus subsystems were
    fixed (bsc#1111499).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the SUSE security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107116"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1107121"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1111499"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.suse.com/show_bug.cgi?id=1137001"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16428/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2018-16429/"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2019-12450/"
      );
      # https://www.suse.com/support/update/announcement/2019/suse-su-20191596-1/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?c1c913c0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "To install this SUSE Security Update use the SUSE recommended
    installation methods like YaST online_update or 'zypper patch'.
    
    Alternatively you can run the command listed for your product :
    
    SUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-SP1-2019-1596=1
    
    SUSE Linux Enterprise Server 12-LTSS:zypper in -t patch
    SUSE-SLE-SERVER-12-2019-1596=1"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glib2-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glib2-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:glib2-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgio-2_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgio-2_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgio-2_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libglib-2_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libglib-2_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libglib-2_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgmodule-2_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgmodule-2_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgobject-2_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgobject-2_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgobject-2_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgthread-2_0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgthread-2_0-0");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libgthread-2_0-0-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/04");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/24");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
    os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(SLES12)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLES12", "SUSE " + os_ver);
    
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);
    
    sp = get_kb_item("Host/SuSE/patchlevel");
    if (isnull(sp)) sp = "0";
    if (os_ver == "SLES12" && (! preg(pattern:"^(0|1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES12 SP0/1", os_ver + " SP" + sp);
    
    
    flag = 0;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glib2-debugsource-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glib2-tools-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"glib2-tools-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgio-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgio-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libglib-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libglib-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgmodule-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgmodule-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgobject-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgobject-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgthread-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgthread-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgio-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgio-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libglib-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libglib-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgmodule-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgobject-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgobject-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgthread-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"1", reference:"libgthread-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glib2-debugsource-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glib2-tools-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"glib2-tools-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgio-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgio-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libglib-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libglib-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgmodule-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgmodule-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgobject-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgobject-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgthread-2_0-0-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgthread-2_0-0-debuginfo-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgio-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgio-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libglib-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libglib-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgmodule-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgmodule-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgobject-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgobject-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgthread-2_0-0-32bit-2.38.2-7.9.2")) flag++;
    if (rpm_check(release:"SLES12", sp:"0", reference:"libgthread-2_0-0-debuginfo-32bit-2.38.2-7.9.2")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glib2");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-C18D2BD1BD.NASL
    descriptionglib 2.60.4 release : - Fixes to improved network status detection with NetworkManager - Leak fixes to some `glib-genmarshal` generated code - Further fixes to the Happy Eyeballs (RFC 8305) implementation - File system permissions fix to clamp down permissions in a small time window when copying files (CVE-2019-12450) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125961
    published2019-06-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125961
    titleFedora 30 : glib2 (2019-c18d2bd1bd)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory FEDORA-2019-c18d2bd1bd.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(125961);
      script_version("1.3");
      script_cvs_date("Date: 2020/01/10");
    
      script_cve_id("CVE-2019-12450");
      script_xref(name:"FEDORA", value:"2019-c18d2bd1bd");
    
      script_name(english:"Fedora 30 : glib2 (2019-c18d2bd1bd)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "glib 2.60.4 release :
    
      - Fixes to improved network status detection with
        NetworkManager
    
      - Leak fixes to some `glib-genmarshal` generated code
    
      - Further fixes to the Happy Eyeballs (RFC 8305)
        implementation
    
      - File system permissions fix to clamp down permissions in
        a small time window when copying files (CVE-2019-12450)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora update system website.
    Tenable has attempted to automatically clean and format it as much as
    possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-c18d2bd1bd"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected glib2 package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:glib2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/29");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/06/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/06/18");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    
    flag = 0;
    if (rpm_check(release:"FC30", reference:"glib2-2.60.4-1.fc30")) flag++;
    
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glib2");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0237_GLIB.NASL
    descriptionAn update of the glib package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126196
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126196
    titlePhoton OS 1.0: Glib PHSA-2019-1.0-0237
  • NASL familyAmazon Linux Local Security Checks
    NASL idAL2_ALAS-2019-1289.NASL
    descriptionfile_copy_fallback in gio/gfile.c in GNOME GLib 2.56.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used. (CVE-2019-12450)
    last seen2020-06-01
    modified2020-06-02
    plugin id129068
    published2019-09-20
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129068
    titleAmazon Linux 2 : glib2 (ALAS-2019-1289)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2077.NASL
    descriptionAccording to the versions of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.(CVE-2019-12450) - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-i1/4zdir, NULL, NULL) and files using g_file_replace_contents (kfsb-i1/4zfile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used.(CVE-2019-13012) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-03
    modified2019-09-30
    plugin id129436
    published2019-09-30
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129436
    titleEulerOS 2.0 SP8 : glib2 (EulerOS-SA-2019-2077)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2154.NASL
    descriptionAccording to the version of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.(CVE-2019-12450) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-11-12
    plugin id130863
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130863
    titleEulerOS 2.0 SP5 : glib2 (EulerOS-SA-2019-2154)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1594-1.NASL
    descriptionThis update for glib2 fixes the following issues : Security issue fixed : CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed: glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126150
    published2019-06-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126150
    titleSUSE SLED15 / SLES15 Security Update : glib2 (SUSE-SU-2019:1594-1)
  • NASL familyAmazon Linux Local Security Checks
    NASL idALA_ALAS-2019-1256.NASL
    descriptionfile_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.(CVE-2019-12450)
    last seen2020-06-01
    modified2020-06-02
    plugin id127812
    published2019-08-13
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127812
    titleAmazon Linux AMI : glib2 (ALAS-2019-1256)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4014-1.NASL
    descriptionIt was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125813
    published2019-06-11
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125813
    titleUbuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : glib2.0 vulnerability (USN-4014-1)
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-3_0-0018_GLIB.NASL
    descriptionAn update of the glib package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id126206
    published2019-06-25
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126206
    titlePhoton OS 3.0: Glib PHSA-2019-3.0-0018
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1894.NASL
    descriptionAccording to the version of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-i1/4zdir, NULL, NULL) and files using g_file_replace_contents (kfsb-i1/4zfile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-08
    modified2019-09-16
    plugin id128817
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128817
    titleEulerOS 2.0 SP5 : glib2 (EulerOS-SA-2019-1894)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1456.NASL
    descriptionAccording to the versions of the glib2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012) - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.(CVE-2019-12450) - GNOME GLib 2.56.1 has an out-of-bounds read vulnerability in g_markup_parse_context_parse() in gmarkup.c, related to utf8_str().(CVE-2018-16429) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-04-30
    modified2020-04-16
    plugin id135618
    published2020-04-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135618
    titleEulerOS Virtualization 3.0.2.2 : glib2 (EulerOS-SA-2020-1456)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1927.NASL
    descriptionAccording to the version of the glib2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb-i1/4zdir, NULL, NULL) and files using g_file_replace_contents (kfsb-i1/4zfile, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2019-09-17
    plugin id128930
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128930
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : glib2 (EulerOS-SA-2019-1927)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-1650.NASL
    descriptionThis update for glib2 fixes the following issues : Security issue fixed : - CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). Other issue addressed : - glib2 was handling an UNKNOWN connectivity state from NetworkManager as if there was a connection thus giving false positives to PackageKit (bsc#1103678) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id126334
    published2019-06-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126334
    titleopenSUSE Security Update : glib2 (openSUSE-2019-1650)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3530.NASL
    descriptionAn update for glib2 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GLib provides the core application building blocks for libraries and applications written in C. It provides the core object system used in GNOME, the main loop implementation, and a large set of utility functions for strings and common data structures. Security Fix(es) : * glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress (CVE-2019-12450) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130550
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130550
    titleRHEL 8 : glib2 (RHSA-2019:3530)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2325.NASL
    descriptionAccording to the version of the glib2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.(CVE-2019-12450) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id131490
    published2019-12-03
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131490
    titleEulerOS Virtualization for ARM 64 3.0.3.0 : glib2 (EulerOS-SA-2019-2325)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1239.NASL
    descriptionAccording to the version of the glib2 packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.(CVE-2019-12450) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-19
    modified2020-03-13
    plugin id134528
    published2020-03-13
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134528
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : glib2 (EulerOS-SA-2020-1239)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-1826.NASL
    descriptionIt was discovered that GLib does not properly restrict some file permissions while a copy operation is in progress; instead, default permissions are used. For Debian 8
    last seen2020-06-01
    modified2020-06-02
    plugin id126011
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126011
    titleDebian DLA-1826-1 : glib2.0 security update
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2020-1387.NASL
    descriptionAccording to the versions of the glib2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0 through 2.61.1 does not properly restrict file permissions while a copy operation is in progress. Instead, default permissions are used.(CVE-2019-12450) - The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used for files, default file permissions are used. This is similar to CVE-2019-12450.(CVE-2019-13012) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-05-06
    modified2020-04-15
    plugin id135516
    published2020-04-15
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135516
    titleEulerOS 2.0 SP3 : glib2 (EulerOS-SA-2020-1387)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-1722-1.NASL
    descriptionThis update for glib2 provides the following fix : Security issues fixed : CVE-2019-12450: Fixed an improper file permission when copy operation takes place (bsc#1137001). CVE-2018-16428: Avoid a NULL pointer dereference that could crash glib2 users in markup processing (bnc#1107121). CVE-2018-16429: Fixed out-of-bounds read vulnerability ing_markup_parse_context_parse() (bsc#1107116). Non-security issues fixed: Install dummy *-mimeapps.list files to prevent dead symlinks. (bsc#1061599) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126461
    published2019-07-03
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126461
    titleSUSE SLED12 / SLES12 Security Update : glib2 (SUSE-SU-2019:1722-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-4014-2.NASL
    descriptionUSN-4014-1 fixed a vulnerability in GLib. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details : It was discovered that GLib incorrectly handled certain files. An attacker could possibly use this issue to access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id125851
    published2019-06-12
    reporterUbuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125851
    titleUbuntu 14.04 LTS : glib2.0 vulnerability (USN-4014-2)

Redhat

advisories
bugzilla
id1719141
titleCVE-2019-12450 glib2: file_copy_fallback in gio/gfile.c in GNOME GLib does not properly restrict file permissions while a copy operation is in progress
oval
OR
  • commentRed Hat Enterprise Linux must be installed
    ovaloval:com.redhat.rhba:tst:20070304026
  • AND
    • commentRed Hat Enterprise Linux 8 is installed
      ovaloval:com.redhat.rhba:tst:20193384074
    • OR
      • AND
        • commentglib2-debugsource is earlier than 0:2.56.4-7.el8
          ovaloval:com.redhat.rhsa:tst:20193530001
        • commentglib2-debugsource is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhsa:tst:20193530002
      • AND
        • commentglib2-fam is earlier than 0:2.56.4-7.el8
          ovaloval:com.redhat.rhsa:tst:20193530003
        • commentglib2-fam is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152116120
      • AND
        • commentglib2-tests is earlier than 0:2.56.4-7.el8
          ovaloval:com.redhat.rhsa:tst:20193530005
        • commentglib2-tests is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044178
      • AND
        • commentglib2 is earlier than 0:2.56.4-7.el8
          ovaloval:com.redhat.rhsa:tst:20193530007
        • commentglib2 is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152116114
      • AND
        • commentglib2-devel is earlier than 0:2.56.4-7.el8
          ovaloval:com.redhat.rhsa:tst:20193530009
        • commentglib2-devel is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152116116
      • AND
        • commentglib2-static is earlier than 0:2.56.4-7.el8
          ovaloval:com.redhat.rhsa:tst:20193530011
        • commentglib2-static is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20192044176
      • AND
        • commentglib2-doc is earlier than 0:2.56.4-7.el8
          ovaloval:com.redhat.rhsa:tst:20193530013
        • commentglib2-doc is signed with Red Hat redhatrelease2 key
          ovaloval:com.redhat.rhba:tst:20152116118
rhsa
idRHSA-2019:3530
released2019-11-05
severityModerate
titleRHSA-2019:3530: glib2 security, bug fix, and enhancement update (Moderate)
rpms
  • glib2-0:2.56.4-7.el8
  • glib2-debuginfo-0:2.56.4-7.el8
  • glib2-debugsource-0:2.56.4-7.el8
  • glib2-devel-0:2.56.4-7.el8
  • glib2-devel-debuginfo-0:2.56.4-7.el8
  • glib2-doc-0:2.56.4-7.el8
  • glib2-fam-0:2.56.4-7.el8
  • glib2-fam-debuginfo-0:2.56.4-7.el8
  • glib2-static-0:2.56.4-7.el8
  • glib2-tests-0:2.56.4-7.el8
  • glib2-tests-debuginfo-0:2.56.4-7.el8