First published: Wed May 29 2019(Updated: )
An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
Credit: cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNOME gvfs | >=1.29.4<=1.41.2 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
Canonical Ubuntu Linux | =18.10 | |
Canonical Ubuntu Linux | =19.04 | |
Fedoraproject Fedora | =29 | |
Fedoraproject Fedora | =30 | |
openSUSE Leap | =15.0 | |
openSUSE Leap | =15.1 | |
ubuntu/gvfs | <1.36.1-0ubuntu1.3.3 | 1.36.1-0ubuntu1.3.3 |
ubuntu/gvfs | <1.38.1-0ubuntu1.3.2 | 1.38.1-0ubuntu1.3.2 |
ubuntu/gvfs | <1.40.1-1ubuntu0.1 | 1.40.1-1ubuntu0.1 |
debian/gvfs | 1.38.1-5 1.46.2-1 1.50.3-1 1.53.90-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2019-12449.
The severity of CVE-2019-12449 is medium with a CVSS score of 5.7.
CVE-2019-12449 affects GNOME gvfs versions 1.29.4 through 1.41.2.
CVE-2019-12449 allows an attacker to mishandle a file's user and group ownership during move and copy operations, potentially leading to unauthorized access or privilege escalation.
Yes, there are updates available for each affected version of GNOME gvfs.