Vulnerabilities > CVE-2019-3827 - Incorrect Authorization vulnerability in Gnome Gvfs

047910
CVSS 7.0 - HIGH
Attack vector
LOCAL
Attack complexity
HIGH
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
high complexity
gnome
CWE-863
nessus

Summary

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

Vulnerable Configurations

Part Description Count
Application
Gnome
192

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20190806_GVFS_ON_SL7_X.NASL
    descriptionSecurity Fix(es) : - gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827)
    last seen2020-03-18
    modified2019-08-27
    plugin id128221
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128221
    titleScientific Linux Security Update : gvfs on SL7.x x86_64 (20190806)
  • NASL familyOracle Linux Local Security Checks
    NASL idORACLELINUX_ELSA-2019-1517.NASL
    descriptionFrom Red Hat Security Advisory 2019:1517 : An update for gvfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. Security Fix(es) : * gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127591
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127591
    titleOracle Linux 8 : gvfs (ELSA-2019-1517)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-0438-1.NASL
    descriptionThis update for gvfs fixes the following issues : Security vulnerability fixed : CVE-2019-3827: Fixed an issue whereby an unprivileged user was not prompted to give a password when acessing root owned files. (bsc#1125084) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122342
    published2019-02-20
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122342
    titleSUSE SLED15 / SLES15 Security Update : gvfs (SUSE-SU-2019:0438-1)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-3888-1.NASL
    descriptionIt was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id122153
    published2019-02-13
    reporterUbuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122153
    titleUbuntu 18.04 LTS / 18.10 : gvfs vulnerability (USN-3888-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2156.NASL
    descriptionAccording to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user
    last seen2020-05-08
    modified2019-11-12
    plugin id130865
    published2019-11-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130865
    titleEulerOS 2.0 SP5 : gvfs (EulerOS-SA-2019-2156)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-1517.NASL
    descriptionAn update for gvfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. Security Fix(es) : * gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id126026
    published2019-06-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126026
    titleRHEL 8 : gvfs (RHSA-2019:1517)
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2019-261.NASL
    descriptionThis update for gvfs fixes the following issues : Security vulnerability fixed : - CVE-2019-3827: Fixed an issue whereby an unprivileged user was not prompted to give a password when acessing root owned files. (bsc#1125084) This update was imported from the SUSE:SLE-15:Update update project.
    last seen2020-06-01
    modified2020-06-02
    plugin id122497
    published2019-02-28
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122497
    titleopenSUSE Security Update : gvfs (openSUSE-2019-261)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0238_GVFS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gvfs packages installed that are affected by a vulnerability: - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user
    last seen2020-06-01
    modified2020-06-02
    plugin id132442
    published2019-12-31
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/132442
    titleNewStart CGSL CORE 5.05 / MAIN 5.05 : gvfs Vulnerability (NS-SA-2019-0238)
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2019-2145.NASL
    descriptionAn update for gvfs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. Security Fix(es) : * gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id128364
    published2019-08-30
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128364
    titleCentOS 7 : gvfs (CESA-2019:2145)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-2145.NASL
    descriptionAn update for gvfs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. Security Fix(es) : * gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id127684
    published2019-08-12
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127684
    titleRHEL 7 : gvfs (RHSA-2019:2145)
  • NASL familyNewStart CGSL Local Security Checks
    NASL idNEWSTART_CGSL_NS-SA-2019-0224_GVFS.NASL
    descriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gvfs packages installed that are affected by a vulnerability: - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user
    last seen2020-06-01
    modified2020-06-02
    plugin id131423
    published2019-12-02
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/131423
    titleNewStart CGSL CORE 5.04 / MAIN 5.04 : gvfs Vulnerability (NS-SA-2019-0224)

Redhat

advisories
  • bugzilla
    id1665578
    titleCVE-2019-3827 gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentgvfs-archive is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517001
          • commentgvfs-archive is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140302
        • AND
          • commentgvfs-mtp is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517003
          • commentgvfs-mtp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140296
        • AND
          • commentgvfs-goa is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517005
          • commentgvfs-goa is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140308
        • AND
          • commentgvfs-client is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517007
          • commentgvfs-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140300
        • AND
          • commentgvfs-afp is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517009
          • commentgvfs-afp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140312
        • AND
          • commentgvfs-debugsource is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517011
          • commentgvfs-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20191517012
        • AND
          • commentgvfs-fuse is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517013
          • commentgvfs-fuse is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140310
        • AND
          • commentgvfs-afc is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517015
          • commentgvfs-afc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140314
        • AND
          • commentgvfs-gphoto2 is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517017
          • commentgvfs-gphoto2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140306
        • AND
          • commentgvfs-devel is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517019
          • commentgvfs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140294
        • AND
          • commentgvfs-smb is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517021
          • commentgvfs-smb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140298
        • AND
          • commentgvfs is earlier than 0:1.36.2-2.el8_0.1
            ovaloval:com.redhat.rhsa:tst:20191517023
          • commentgvfs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140304
    rhsa
    idRHSA-2019:1517
    released2019-06-18
    severityModerate
    titleRHSA-2019:1517: gvfs security update (Moderate)
  • bugzilla
    id1665578
    titleCVE-2019-3827 gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentgvfs-gphoto2 is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145001
          • commentgvfs-gphoto2 is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140306
        • AND
          • commentgvfs-mtp is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145003
          • commentgvfs-mtp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140296
        • AND
          • commentgvfs-client is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145005
          • commentgvfs-client is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140300
        • AND
          • commentgvfs-archive is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145007
          • commentgvfs-archive is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140302
        • AND
          • commentgvfs is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145009
          • commentgvfs is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140304
        • AND
          • commentgvfs-smb is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145011
          • commentgvfs-smb is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140298
        • AND
          • commentgvfs-goa is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145013
          • commentgvfs-goa is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140308
        • AND
          • commentgvfs-fuse is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145015
          • commentgvfs-fuse is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140310
        • AND
          • commentgvfs-afc is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145017
          • commentgvfs-afc is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140314
        • AND
          • commentgvfs-afp is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145019
          • commentgvfs-afp is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140312
        • AND
          • commentgvfs-tests is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145021
          • commentgvfs-tests is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140292
        • AND
          • commentgvfs-devel is earlier than 0:1.36.2-3.el7
            ovaloval:com.redhat.rhsa:tst:20192145023
          • commentgvfs-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140294
    rhsa
    idRHSA-2019:2145
    released2019-08-06
    severityModerate
    titleRHSA-2019:2145: gvfs security and bug fix update (Moderate)
rpms
  • gvfs-0:1.36.2-2.el8_0.1
  • gvfs-afc-0:1.36.2-2.el8_0.1
  • gvfs-afc-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-afp-0:1.36.2-2.el8_0.1
  • gvfs-afp-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-archive-0:1.36.2-2.el8_0.1
  • gvfs-archive-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-client-0:1.36.2-2.el8_0.1
  • gvfs-client-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-debugsource-0:1.36.2-2.el8_0.1
  • gvfs-devel-0:1.36.2-2.el8_0.1
  • gvfs-fuse-0:1.36.2-2.el8_0.1
  • gvfs-fuse-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-goa-0:1.36.2-2.el8_0.1
  • gvfs-goa-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-gphoto2-0:1.36.2-2.el8_0.1
  • gvfs-gphoto2-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-mtp-0:1.36.2-2.el8_0.1
  • gvfs-mtp-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-smb-0:1.36.2-2.el8_0.1
  • gvfs-smb-debuginfo-0:1.36.2-2.el8_0.1
  • gvfs-0:1.36.2-3.el7
  • gvfs-afc-0:1.36.2-3.el7
  • gvfs-afp-0:1.36.2-3.el7
  • gvfs-archive-0:1.36.2-3.el7
  • gvfs-client-0:1.36.2-3.el7
  • gvfs-debuginfo-0:1.36.2-3.el7
  • gvfs-devel-0:1.36.2-3.el7
  • gvfs-fuse-0:1.36.2-3.el7
  • gvfs-goa-0:1.36.2-3.el7
  • gvfs-gphoto2-0:1.36.2-3.el7
  • gvfs-mtp-0:1.36.2-3.el7
  • gvfs-smb-0:1.36.2-3.el7
  • gvfs-tests-0:1.36.2-3.el7