Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2019-12795

Опубликовано: 11 июн. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.6
CVSS3: 7.8

Описание

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

РелизСтатусПримечание
bionic

released

1.36.1-0ubuntu1.3.3
cosmic

released

1.38.1-0ubuntu1.3.2
devel

released

1.40.1-1ubuntu1
disco

released

1.40.1-1ubuntu0.1
esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

1.36.1-0ubuntu1.3.3
esm-infra/xenial

not-affected

1.28.2-1ubuntu1~16.04.3
precise/esm

DNE

trusty

ignored

end of standard support
trusty/esm

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 14%
0.00046
Низкий

4.6 Medium

CVSS2

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2019-12795

CVSS3: 4.5
redhat
около 6 лет назад

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

nvd логотип

CVE-2019-12795

CVSS3: 7.8
nvd
около 6 лет назад

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

debian логотип

CVE-2019-12795

CVSS3: 7.8
debian
около 6 лет назад

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x bef ...

suse-cvrf логотип

SUSE-SU-2024:2681-1

suse-cvrf
11 месяцев назад

Security update for gvfs

github логотип

GHSA-whx7-c8j2-42vv

github
около 3 лет назад

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

EPSS

Процентиль: 14%
0.00046
Низкий

4.6 Medium

CVSS2

7.8 High

CVSS3