Vulnerabilities > CVE-2019-12795 - Incorrect Default Permissions vulnerability in Gnome Gvfs
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Accessing Functionality Not Properly Constrained by ACLs In applications, particularly web applications, access to functionality is mitigated by the authorization framework, whose job it is to map ACLs to elements of the application's functionality; particularly URL's for web apps. In the case that the administrator failed to specify an ACL for a particular element, an attacker may be able to access it with impunity. An attacker with the ability to access functionality not properly constrained by ACLs can obtain sensitive information and possibly compromise the entire application. Such an attacker can access resources that must be available only to users at a higher privilege level, can access management sections of the application or can run queries for data that he is otherwise not supposed to.
- Directory Indexing An adversary crafts a request to a target that results in the target listing/indexing the content of a directory as output. One common method of triggering directory contents as output is to construct a request containing a path that terminates in a directory name rather than a file name since many applications are configured to provide a list of the directory's contents when such a request is received. An adversary can use this to explore the directory tree on a target as well as learn the names of files. This can often end up revealing test files, backup files, temporary files, hidden files, configuration files, user accounts, script contents, as well as naming conventions, all of which can be used by an attacker to mount additional attacks.
- Footprinting An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
- Embedding Scripts within Scripts An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
- Web Logs Tampering Web Logs Tampering attacks involve an attacker injecting, deleting or otherwise tampering with the contents of web logs typically for the purposes of masking other malicious behavior. Additionally, writing malicious data to log files may target jobs, filters, reports, and other agents that process the logs in an asynchronous attack pattern. This pattern of attack is similar to "Log Injection-Tampering-Forging" except that in this case, the attack is targeting the logs of the web server and not the application.
Nessus
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4053-1.NASL description It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448, CVE-2019-12449) It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126598 published 2019-07-10 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126598 title Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : gvfs vulnerabilities (USN-4053-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-4053-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(126598); script_version("1.5"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2019-12447", "CVE-2019-12448", "CVE-2019-12449", "CVE-2019-12795"); script_xref(name:"USN", value:"4053-1"); script_name(english:"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : gvfs vulnerabilities (USN-4053-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. (CVE-2019-12447, CVE-2019-12448, CVE-2019-12449) It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/4053-1/" ); script_set_attribute( attribute:"solution", value:"Update the affected gvfs and / or gvfs-backends packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gvfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:gvfs-backends"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:16.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/29"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/10"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(16\.04|18\.04|18\.10|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 16.04 / 18.04 / 18.10 / 19.04", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"16.04", pkgname:"gvfs", pkgver:"1.28.2-1ubuntu1~16.04.3")) flag++; if (ubuntu_check(osver:"16.04", pkgname:"gvfs-backends", pkgver:"1.28.2-1ubuntu1~16.04.3")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"gvfs", pkgver:"1.36.1-0ubuntu1.3.3")) flag++; if (ubuntu_check(osver:"18.04", pkgname:"gvfs-backends", pkgver:"1.36.1-0ubuntu1.3.3")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"gvfs", pkgver:"1.38.1-0ubuntu1.3.2")) flag++; if (ubuntu_check(osver:"18.10", pkgname:"gvfs-backends", pkgver:"1.38.1-0ubuntu1.3.2")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"gvfs", pkgver:"1.40.1-1ubuntu0.1")) flag++; if (ubuntu_check(osver:"19.04", pkgname:"gvfs-backends", pkgver:"1.40.1-1ubuntu0.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gvfs / gvfs-backends"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1907.NASL description According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)(CVE-2019-12795) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-16 plugin id 128830 published 2019-09-16 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128830 title EulerOS 2.0 SP5 : gvfs (EulerOS-SA-2019-1907) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(128830); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07"); script_cve_id( "CVE-2019-12795" ); script_name(english:"EulerOS 2.0 SP5 : gvfs (EulerOS-SA-2019-1907)"); script_summary(english:"Checks the rpm output for the updated package."); script_set_attribute(attribute:"synopsis", value: "The remote EulerOS host is missing a security update."); script_set_attribute(attribute:"description", value: "According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)(CVE-2019-12795) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."); # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1907 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0a23ba3d"); script_set_attribute(attribute:"solution", value: "Update the affected gvfs package."); script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/16"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-afc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-afp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-archive"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-fuse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-goa"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-gphoto2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-mtp"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gvfs-smb"); script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Huawei Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp"); script_exclude_keys("Host/EulerOS/uvp_version"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/EulerOS/release"); if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS"); if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0"); sp = get_kb_item("Host/EulerOS/sp"); if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5"); uvp = get_kb_item("Host/EulerOS/uvp_version"); if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp); if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu); flag = 0; pkgs = ["gvfs-1.30.4-5.h1.eulerosv2r7", "gvfs-afc-1.30.4-5.h1.eulerosv2r7", "gvfs-afp-1.30.4-5.h1.eulerosv2r7", "gvfs-archive-1.30.4-5.h1.eulerosv2r7", "gvfs-client-1.30.4-5.h1.eulerosv2r7", "gvfs-devel-1.30.4-5.h1.eulerosv2r7", "gvfs-fuse-1.30.4-5.h1.eulerosv2r7", "gvfs-goa-1.30.4-5.h1.eulerosv2r7", "gvfs-gphoto2-1.30.4-5.h1.eulerosv2r7", "gvfs-mtp-1.30.4-5.h1.eulerosv2r7", "gvfs-smb-1.30.4-5.h1.eulerosv2r7"]; foreach (pkg in pkgs) if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gvfs"); }NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1697.NASL description This update for gvfs fixes the following issues : Security issues fixed : - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file last seen 2020-06-01 modified 2020-06-02 plugin id 126522 published 2019-07-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126522 title openSUSE Security Update : gvfs (openSUSE-2019-1697) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2019-1697. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(126522); script_version("1.4"); script_cvs_date("Date: 2020/01/08"); script_cve_id("CVE-2019-12447", "CVE-2019-12448", "CVE-2019-12449", "CVE-2019-12795"); script_name(english:"openSUSE Security Update : gvfs (openSUSE-2019-1697)"); script_summary(english:"Check for the openSUSE-2019-1697 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update for gvfs fixes the following issues : Security issues fixed : - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file's user and group ownership in daemon/gvfsbackendadmin.c (bsc#1136992). - CVE-2019-12448: Fixed race conditions in daemon/gvfsbackendadmin.c due to implementation of query_info_on_read/write at admin backend (bsc#1136981). Other issue addressed : - Drop polkit rules files that are only relevant for wheel group (bsc#1125433). This update was imported from the SUSE:SLE-15:Update update project." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1125433" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136981" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136986" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136992" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1137930" ); script_set_attribute(attribute:"solution", value:"Update the affected gvfs packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-32bit-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-backend-afc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-backend-afc-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-backend-samba"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-backend-samba-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-backends"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-backends-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-fuse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-fuse-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:gvfs-lang"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/05/29"); script_set_attribute(attribute:"patch_publication_date", value:"2019/07/07"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/07/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); ourarch = get_kb_item("Host/cpu"); if (!ourarch) audit(AUDIT_UNKNOWN_ARCH); if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch); flag = 0; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-backend-afc-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-backend-afc-debuginfo-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-backend-samba-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-backend-samba-debuginfo-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-backends-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-backends-debuginfo-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-debuginfo-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-debugsource-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-devel-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-fuse-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-fuse-debuginfo-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", reference:"gvfs-lang-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"gvfs-32bit-1.34.2.1-lp151.6.3.1") ) flag++; if ( rpm_check(release:"SUSE15.1", cpu:"x86_64", reference:"gvfs-32bit-debuginfo-1.34.2.1-lp151.6.3.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gvfs / gvfs-backend-afc / gvfs-backend-afc-debuginfo / etc"); }NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1768.NASL description According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)(CVE-2019-12795) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-03 modified 2019-07-25 plugin id 127005 published 2019-07-25 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127005 title EulerOS 2.0 SP8 : gvfs (EulerOS-SA-2019-1768) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2039.NASL description According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)(CVE-2019-12795) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-08 modified 2019-09-24 plugin id 129232 published 2019-09-24 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/129232 title EulerOS 2.0 SP3 : gvfs (EulerOS-SA-2019-2039) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-3553.NASL description An update for GNOME is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. GNOME is the default desktop environment of Red Hat Enterprise Linux. Security Fix(es) : * evince: uninitialized memory use in function tiff_document_render() and tiff_document_get_thumbnail() (CVE-2019-11459) * gvfs: improper authorization in daemon/gvfsdaemon.c in gvfsd (CVE-2019-12795) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 130552 published 2019-11-06 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130552 title RHEL 8 : GNOME (RHSA-2019:3553) NASL family Fedora Local Security Checks NASL id FEDORA_2019-E6B02AF8B8.NASL description Update to 1.38.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 127533 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127533 title Fedora 29 : gvfs (2019-e6b02af8b8) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-1749.NASL description According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)(CVE-2019-12795) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-05-06 modified 2019-07-22 plugin id 126876 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126876 title EulerOS 2.0 SP2 : gvfs (EulerOS-SA-2019-1749) NASL family Fedora Local Security Checks NASL id FEDORA_2019-6ED5523CC0.NASL description Update to 1.40.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 126838 published 2019-07-22 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126838 title Fedora 30 : gvfs (2019-6ed5523cc0) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-1717-1.NASL description This update for gvfs fixes the following issues : Security issues fixed : CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). CVE-2019-12449: Fixed an improper handling of file last seen 2020-06-01 modified 2020-06-02 plugin id 126444 published 2019-07-02 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126444 title SUSE SLED15 / SLES15 Security Update : gvfs (SUSE-SU-2019:1717-1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-1699.NASL description This update for gvfs fixes the following issues : Security issues fixed : - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls (bsc#1137930). - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of setfsuid (bsc#1136986). - CVE-2019-12449: Fixed an improper handling of file last seen 2020-06-01 modified 2020-06-02 plugin id 126523 published 2019-07-08 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126523 title openSUSE Security Update : gvfs (openSUSE-2019-1699) NASL family Debian Local Security Checks NASL id DEBIAN_DLA-1827.NASL description Simon McVittie discovered a flaw in gvfs, the Gnome Virtual File System. The gvfsd daemon opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.) For Debian 8 last seen 2020-06-01 modified 2020-06-02 plugin id 126054 published 2019-06-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126054 title Debian DLA-1827-1 : gvfs security update
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe
- https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f
- https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
- http://www.securityfocus.com/bid/108741
- https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html
- https://usn.ubuntu.com/4053-1/
- https://access.redhat.com/errata/RHSA-2019:3553
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/