Unrated severityNVD Advisory· Published Jun 11, 2019· Updated Aug 4, 2024

CVE-2019-12795

Description

daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)

Affected products

GNOME/gvfsdescription
osv-coords19 versions
pkg:rpm/almalinux/gdk-pixbuf2 pkg:rpm/almalinux/gdk-pixbuf2-devel pkg:rpm/almalinux/gdk-pixbuf2-modules pkg:rpm/almalinux/gdk-pixbuf2-xlib pkg:rpm/almalinux/gdk-pixbuf2-xlib-devel pkg:rpm/almalinux/gnome-desktop3 pkg:rpm/almalinux/gnome-desktop3-devel pkg:rpm/almalinux/libpurple pkg:rpm/almalinux/libpurple-devel pkg:rpm/almalinux/pidgin pkg:rpm/almalinux/pidgin-devel pkg:rpm/opensuse/gvfs&distro=openSUSE%20Leap%2015.0 pkg:rpm/opensuse/gvfs&distro=openSUSE%20Leap%2015.1 pkg:rpm/opensuse/gvfs&distro=openSUSE%20Tumbleweed pkg:rpm/suse/gvfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015 pkg:rpm/suse/gvfs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Desktop%20Applications%2015%20SP1 pkg:rpm/suse/gvfs&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5 pkg:rpm/suse/gvfs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5 pkg:rpm/suse/gvfs&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 2.36.12-5.el8+ 18 more
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 2.36.12-5.el8
- (no CPE)range: < 3.32.2-1.el8
- (no CPE)range: < 3.32.2-1.el8
- (no CPE)range: < 2.13.0-5.el8
- (no CPE)range: < 2.13.0-5.el8
- (no CPE)range: < 2.13.0-5.el8
- (no CPE)range: < 2.13.0-5.el8
- (no CPE)range: < 1.34.2.1-lp150.3.10.1
- (no CPE)range: < 1.34.2.1-lp151.6.3.1
- (no CPE)range: < 1.48.1-1.3
- (no CPE)range: < 1.34.2.1-4.13.1
- (no CPE)range: < 1.34.2.1-4.13.1
- (no CPE)range: < 1.28.3-18.6.1
- (no CPE)range: < 1.28.3-18.6.1
- (no CPE)range: < 1.28.3-18.6.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.htmlmitrevendor-advisoryx_refsource_SUSE
lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.htmlmitrevendor-advisoryx_refsource_SUSE
access.redhat.com/errata/RHSA-2019:3553mitrevendor-advisoryx_refsource_REDHAT
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/mitrevendor-advisoryx_refsource_FEDORA
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/mitrevendor-advisoryx_refsource_FEDORA
usn.ubuntu.com/4053-1/mitrevendor-advisoryx_refsource_UBUNTU
www.securityfocus.com/bid/108741mitrevdb-entryx_refsource_BID
gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082amitrex_refsource_MISC
gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48fmitrex_refsource_MISC
gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfemitrex_refsource_MISC
lists.debian.org/debian-lts-announce/2019/06/msg00014.htmlmitremailing-listx_refsource_MLIST

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000