CVE-2019-12449Improper Handling of Exceptional Conditions in Gvfs

CWE-755Improper Handling of Exceptional ConditionsCWE-282Improper Ownership Management9 documents7 sources
Severity
5.7MEDIUMNVD
OSV7.3
EPSS
0.4%
top 38.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Gnome GvfsDebian GvfsCanonical Ubuntu Linux+2 more
Timeline
PublishedMay 29
Latest updateMay 24

Description

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages5 packages

Debiangnome/gvfs< 1.38.1-4+3
Ubuntugnome/gvfs< 1.28.2-1ubuntu1~16.04.3+1
NVDgnome/gvfs1.29.41.41.2
debiandebian/gvfs< gvfs 1.38.1-4 (bookworm)
NVDopensuse/leap15.0, 15.1+1

Also affects: Fedora 29, 30, Ubuntu Linux 16.04, 18.04, 18.10, 19.04

Patches

Patch: gitlab.gnome.orgPatch: gitlab.gnome.org

🔴Vulnerability Details

3
GHSA
GHSA-cvf3-3jj2-mv9f: An issue was discovered in GNOME gvfs 12022-05-24
OSV
gvfs vulnerabilities2019-07-09
OSV
CVE-2019-12449: An issue was discovered in GNOME gvfs 12019-05-29

📋Vendor Advisories

3
Ubuntu
GVfs vulnerabilities2019-07-09
Red Hat
gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges2019-05-29
Debian
CVE-2019-12449: gvfs - An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackenda...2019

💬Community

2
Bugzilla
CVE-2019-12449 gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges2019-07-10
Bugzilla
CVE-2019-12449 gvfs: mishandling of file's user and group ownership in daemon/gvfsbackendadmin.c due to unavailability of root privileges [fedora-all]2019-07-10
CVE-2019-12449 — Debian Gvfs vulnerability | cvebase