Bug 1728567 (CVE-2019-12449)
Summary: | CVE-2019-12449 gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | oholy |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | gvfs 1.41.3 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-04-28 16:33:20 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1728568, 1753971, 1753972, 1753973 | ||
Bug Blocks: | 1728569 |
Description
Dhananjay Arunesh
2019-07-10 07:26:39 UTC
Created gvfs tracking bugs for this issue: Affects: fedora-all [bug 1728568] When copying a file from admin:// to file://, the target file is owned by the regular user instead of being owned by root. This could become an issue because the regular user may get access to confidential info through the copied file. Attack Vector set to Network (AV:N) as the vulnerability can be triggered in any application that makes use of gvfs and can use the admin:// backend. Attack Complexity set to High (AC:H) because even though any network application could use the admin:// backend provided by gvfs, you must have the authorization of an admin user to access root-owned files and a way to access the copied files afterwards. Privileged Required set to Low (PR:L) because the attacker needs to have at least some access on the vulnerable system to read the copied file accessible by the regular user. User Interaction set to Required (UI:R) as usually an operation with the admin:// backend requires the user to provide a password to elevate his privileges. Confidentiality set to High (C:H) because the file copied from the admin:// backend is accessible by a regular user and some confidential info could be leaked. This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1766 https://access.redhat.com/errata/RHSA-2020:1766 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-12449 |