CVE-2019-12447

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
gnomegvfs
1.29.4 ≤
𝑥
≤ 1.41.2
canonicalubuntu_linux
16.04
canonicalubuntu_linux
18.04
canonicalubuntu_linux
18.10
canonicalubuntu_linux
19.04
opensuseleap
15.0
opensuseleap
15.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
gvfs
bullseye
1.46.2-1
fixed
stretch
no-dsa
jessie
not-affected
bookworm
1.50.3-1
fixed
sid
1.56.1-1
fixed
trixie
1.56.1-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
gvfs
disco
Fixed 1.40.1-1ubuntu0.1
released
cosmic
Fixed 1.38.1-0ubuntu1.3.2
released
bionic
Fixed 1.36.1-0ubuntu1.3.3
released
xenial
not-affected
trusty
dne
References
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html
http://www.openwall.com/lists/oss-security/2019/07/09/3
https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/
https://usn.ubuntu.com/4053-1/
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html
http://www.openwall.com/lists/oss-security/2019/07/09/3
https://gitlab.gnome.org/GNOME/gvfs/commit/d7d362995aa0cb8905c8d5c2a2a4c305d2ffff80
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/
https://usn.ubuntu.com/4053-1/