Vulnerabilities > CVE-2019-3827 - Incorrect Authorization vulnerability in Gnome Gvfs
Attack vector
LOCAL Attack complexity
HIGH Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Scientific Linux Local Security Checks NASL id SL_20190806_GVFS_ON_SL7_X.NASL description Security Fix(es) : - gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) last seen 2020-03-18 modified 2019-08-27 plugin id 128221 published 2019-08-27 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128221 title Scientific Linux Security Update : gvfs on SL7.x x86_64 (20190806) NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2019-1517.NASL description From Red Hat Security Advisory 2019:1517 : An update for gvfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. Security Fix(es) : * gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127591 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127591 title Oracle Linux 8 : gvfs (ELSA-2019-1517) NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-0438-1.NASL description This update for gvfs fixes the following issues : Security vulnerability fixed : CVE-2019-3827: Fixed an issue whereby an unprivileged user was not prompted to give a password when acessing root owned files. (bsc#1125084) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122342 published 2019-02-20 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122342 title SUSE SLED15 / SLES15 Security Update : gvfs (SUSE-SU-2019:0438-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-3888-1.NASL description It was discovered that GVfs incorrectly handled certain inputs. An attacker could possibly use this issue to access sensitive information. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122153 published 2019-02-13 reporter Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122153 title Ubuntu 18.04 LTS / 18.10 : gvfs vulnerability (USN-3888-1) NASL family Huawei Local Security Checks NASL id EULEROS_SA-2019-2156.NASL description According to the version of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user last seen 2020-05-08 modified 2019-11-12 plugin id 130865 published 2019-11-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/130865 title EulerOS 2.0 SP5 : gvfs (EulerOS-SA-2019-2156) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-1517.NASL description An update for gvfs is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. Security Fix(es) : * gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 126026 published 2019-06-19 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/126026 title RHEL 8 : gvfs (RHSA-2019:1517) NASL family SuSE Local Security Checks NASL id OPENSUSE-2019-261.NASL description This update for gvfs fixes the following issues : Security vulnerability fixed : - CVE-2019-3827: Fixed an issue whereby an unprivileged user was not prompted to give a password when acessing root owned files. (bsc#1125084) This update was imported from the SUSE:SLE-15:Update update project. last seen 2020-06-01 modified 2020-06-02 plugin id 122497 published 2019-02-28 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122497 title openSUSE Security Update : gvfs (openSUSE-2019-261) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0238_GVFS.NASL description The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gvfs packages installed that are affected by a vulnerability: - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user last seen 2020-06-01 modified 2020-06-02 plugin id 132442 published 2019-12-31 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/132442 title NewStart CGSL CORE 5.05 / MAIN 5.05 : gvfs Vulnerability (NS-SA-2019-0238) NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2019-2145.NASL description An update for gvfs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. Security Fix(es) : * gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 128364 published 2019-08-30 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128364 title CentOS 7 : gvfs (CESA-2019:2145) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2019-2145.NASL description An update for gvfs is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. GVFS is the GNOME Desktop Virtual File System layer that allows users to easily access local and remote data using File Transfer Protocol (FTP), Secure Shell File Transfer Protocol (SFTP), Web Distributed Authoring and Versioning (WebDAV), Common Internet File System (CIFS), Server Message Block (SMB), and other protocols. GVFS integrates with the GNOME I/O (GIO) abstraction layer. Security Fix(es) : * gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password (CVE-2019-3827) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section. last seen 2020-06-01 modified 2020-06-02 plugin id 127684 published 2019-08-12 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/127684 title RHEL 7 : gvfs (RHSA-2019:2145) NASL family NewStart CGSL Local Security Checks NASL id NEWSTART_CGSL_NS-SA-2019-0224_GVFS.NASL description The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gvfs packages installed that are affected by a vulnerability: - An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user last seen 2020-06-01 modified 2020-06-02 plugin id 131423 published 2019-12-02 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/131423 title NewStart CGSL CORE 5.04 / MAIN 5.04 : gvfs Vulnerability (NS-SA-2019-0224)
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- https://access.redhat.com/errata/RHSA-2019:1517
- https://access.redhat.com/errata/RHSA-2019:1517
- https://access.redhat.com/errata/RHSA-2019:2145
- https://access.redhat.com/errata/RHSA-2019:2145
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827
- https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31
- https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31