Bug 1728567 (CVE-2019-12449) - CVE-2019-12449 gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges
Summary: CVE-2019-12449 gvfs: mishandling of file's user and group ownership in daemon...
Keywords:
Status: NEW
Alias: CVE-2019-12449
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1753972 1728568 1753971 1753973
Blocks: 1728569
TreeView+ depends on / blocked
 
Reported: 2019-07-10 07:26 UTC by Dhananjay Arunesh
Modified: 2019-09-29 15:16 UTC (History)
1 user (show)

Fixed In Version: gvfs 1.41.3
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:


Attachments (Terms of Use)

Description Dhananjay Arunesh 2019-07-10 07:26:39 UTC
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

Upstream commit:
https://gitlab.gnome.org/GNOME/gvfs/commit/d5dfd823c94045488aef8727c553f1e0f7666b90

Comment 1 Dhananjay Arunesh 2019-07-10 07:26:51 UTC
Created gvfs tracking bugs for this issue:

Affects: fedora-all [bug 1728568]

Comment 3 Riccardo Schirone 2019-09-20 10:02:45 UTC
When copying a file from admin:// to file://, the target file is owned by the regular user instead of being owned by root. This could become an issue because the regular user may get access to confidential info through the copied file.

Comment 4 Riccardo Schirone 2019-09-20 10:05:13 UTC
Attack Vector set to Network (AV:N) as the vulnerability can be triggered in any application that makes use of gvfs and can use the admin:// backend.
Attack Complexity set to High (AC:H) because even though any network application could use the admin:// backend provided by gvfs, you must have the authorization of an admin user to access root-owned files and a way to access the copied files afterwards.
Privileged Required set to Low (PR:L) because the attacker needs to have at least some access on the vulnerable system to read the copied file accessible by the regular user.
User Interaction set to Required (UI:R) as usually an operation with the admin:// backend requires the user to provide a password to elevate his privileges.
Confidentiality set to High (C:H) because the file copied from the admin:// backend is accessible by a regular user and some confidential info could be leaked.

Comment 5 Riccardo Schirone 2019-09-20 11:44:20 UTC
Reference:
https://www.openwall.com/lists/oss-security/2019/07/09/3


Note You need to log in before you can comment on or make changes to this bug.