An incorrect permission check was found in the admin backend of gvfs that allows reading and modifying arbitrary files by privileged users without asking for a password when no authentication agent is running. This vulnerability can be exploited by malicious programs running with the privileges of users belonging to the wheel group to further escalate their privileges by modifying system files without the user's knowledge. Successful exploitation requires an uncommon system configuration.
A flaw was found in gvfs 1.38.1-1. Unprivileged users are not prompted for a password when accessing root-owned files.
This flaw affects gvfs since 1.29.4, where the admin backend was introduced, up to and including 1.39.4.
This issue did not affect the versions of gvfs shipped with Red Hat Enterprise Linux 6, as they did not include support for the admin backend.
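As an added illustration (not code from gvfs or from this advisory), the following Python models the flaw class described above: a backend permission check that accepts the authority's "a challenge would be needed" answer, which is what a polkit-style authority returns when no agent can prompt for a password, shown beside the fail-closed check. The AuthResult fields, the policy behaviour and the admin_backend_allows function are assumptions made for the model, not gvfs's actual code.

```python
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class AuthResult:
    """Simplified polkit-style answer (assumed model, not gvfs code)."""
    is_authorized: bool  # caller may proceed now
    is_challenge: bool   # caller could proceed only after an interactive login


def authority_decision(agent_running: bool, recently_authenticated: bool) -> AuthResult:
    """Model the authority's answer for an admin-only action (assumed policy:
    an administrator must authenticate, and a recent success is remembered)."""
    if recently_authenticated:
        return AuthResult(is_authorized=True, is_challenge=False)
    if agent_running:
        # An agent exists, so the user is prompted; modelled as a successful login.
        return AuthResult(is_authorized=True, is_challenge=False)
    # No agent: nobody can be prompted. The authority does not grant access,
    # it only reports that a challenge would be required.
    return AuthResult(is_authorized=False, is_challenge=True)


def vulnerable_permission_check(result: AuthResult) -> bool:
    # Incorrect check: treats "a challenge would be needed" as good enough,
    # so the no-agent case passes without any password being asked for.
    return result.is_authorized or result.is_challenge


def fixed_permission_check(result: AuthResult) -> bool:
    # Fail closed: only an explicit authorization grants access.
    return result.is_authorized


def admin_backend_allows(check: Callable[[AuthResult], bool],
                         agent_running: bool,
                         recently_authenticated: bool = False) -> bool:
    """Decide whether the modelled backend serves a root-owned file."""
    return check(authority_decision(agent_running, recently_authenticated))


if __name__ == "__main__":
    for name, check in (("vulnerable", vulnerable_permission_check),
                        ("fixed", fixed_permission_check)):
        print(name, "no agent ->", admin_backend_allows(check, agent_running=False))
```

With no agent registered the vulnerable check grants access while the fixed check denies it; with an agent present, or a recent successful authentication, both grant access.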
Created gvfs tracking bugs for this issue:
Affects: fedora-all [bug 1673885]
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2019:1517 https://access.redhat.com/errata/RHSA-2019:1517