CVE-2019-12449

Опубликовано: 29 мая 2019

Источник: nvd

CVSS3: 5.7

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/09/3
Mailing List
Third Party Advisory
https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/
https://usn.ubuntu.com/4053-1/
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html
Third Party Advisory
http://www.openwall.com/lists/oss-security/2019/07/09/3
Mailing List
Third Party Advisory
https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8
Patch
Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/
https://usn.ubuntu.com/4053-1/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gnome:gvfs:*:*:*:*:*:*:*:*

Версия от 1.29.4 (включая) до 1.41.2 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00612

Низкий

5.7 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-755

Связанные уязвимости

CVE-2019-12449

CVSS3: 5.7

ubuntu

около 6 лет назад

CVE-2019-12449

CVSS3: 4.8

redhat

около 6 лет назад

CVE-2019-12449

CVSS3: 5.7

debian

около 6 лет назад

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gv ...

GHSA-cvf3-3jj2-mv9f

github

около 3 лет назад

BDU:2019-02516

CVSS3: 9.8

fstec

около 6 лет назад

Уязвимость компонента daemon/gvfsbackendadmin.c подсистемы GVFS среды рабочего стола GNOME операционных систем Linux, позволяющая нарушителю оказать воздействие на целостность, конфиденциальность и доступность защищаемой информации

EPSS

Процентиль: 69%

0.00612

Низкий

5.7 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-755