CVE-2019-3827

Опубликовано: 25 мар. 2019

Источник: ubuntu

Приоритет: medium

CVSS2: 3.3

CVSS3: 7

Описание

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

Релиз	Статус	Примечание
bionic	released	1.36.1-0ubuntu1.3
cosmic	released	1.38.1-0ubuntu1.2
devel	released	1.39.90-1
esm-infra-legacy/trusty	DNE	trusty/esm was DNE [trusty was not-affected [code not present]]
esm-infra/bionic	released	1.36.1-0ubuntu1.3
esm-infra/xenial	not-affected	code not present
precise/esm	DNE
trusty	not-affected	code not present
trusty/esm	DNE	trusty was not-affected [code not present]
upstream	released	1.38.1-3

Показывать по

Ссылки на источники

3.3 Low

CVSS2

7 High

CVSS3

Связанные уязвимости

CVE-2019-3827

CVSS3: 7

redhat

около 7 лет назад

CVE-2019-3827

CVSS3: 7

nvd

почти 7 лет назад

CVE-2019-3827

CVSS3: 7

debian

почти 7 лет назад

An incorrect permission check in the admin backend in gvfs before vers ...

openSUSE-SU-2019:0261-1

suse-cvrf

почти 7 лет назад

Security update for gvfs

SUSE-SU-2019:0438-1

suse-cvrf

почти 7 лет назад

Security update for gvfs

3.3 Low

CVSS2

7 High

CVSS3

CVE-2019-3827

Описание

Пакет gvfs

Ссылки на источники

Связанные уязвимости