CVE-2019-3827

EUVD-2019-13449

25.03.2019, 18:29

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7 HIGH	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
redhat	CNA	7 HIGH	LOCAL	HIGH	NONE	CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 18%

Affected Products (NVD)

Vendor	Product	Version
gnome	gvfs	𝑥 < 1.39.4

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

gvfs

bookworm	1.50.3-1 fixed
bullseye	1.46.2-1 fixed
jessie	not-affected
sid	1.56.1-1 fixed
stretch	no-dsa
trixie	1.56.1-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

gvfs

bionic	Fixed 1.36.1-0ubuntu1.3 released
cosmic	Fixed 1.38.1-0ubuntu1.2 released
trusty	dne
xenial	not-affected

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://access.redhat.com/errata/RHSA-2019:1517

https://access.redhat.com/errata/RHSA-2019:2145

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827

https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31

https://access.redhat.com/errata/RHSA-2019:1517

https://access.redhat.com/errata/RHSA-2019:2145

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3827

https://gitlab.gnome.org/GNOME/gvfs/merge_requests/31