CVE-2019-12449 - An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a

CVE-2019-12449

Summary

An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.

References

Vulnerable Configurations

cpe:2.3:a:gnome:gvfs:1.29.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.29.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.29.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.29.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.29.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.29.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.29.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.29.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.1.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.30.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.31.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.32.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.32.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.32.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.32.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.32.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.32.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.33.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.34.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.34.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.34.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.34.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.34.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.34.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.34.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.34.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.35.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.36.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.36.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.36.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.36.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.36.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.36.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.36.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.36.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.37.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.38.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.38.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.38.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.38.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.38.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.38.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.38.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.38.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.3:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.4:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.90:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.91:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.39.92:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.40.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.40.0:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.40.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.40.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.40.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.40.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.41.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.41.1:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.41.2:*:*:*:*:*:*:*
cpe:2.3:a:gnome:gvfs:1.41.2:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

CVSS

Base:	3.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:

CWE

CWE-755

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	SINGLE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:M/Au:S/C:P/I:N/A:N

redhat via4

rpms

LibRaw-0:0.19.5-1.el8
LibRaw-debuginfo-0:0.19.5-1.el8
LibRaw-debugsource-0:0.19.5-1.el8
LibRaw-devel-0:0.19.5-1.el8
LibRaw-samples-debuginfo-0:0.19.5-1.el8
accountsservice-0:0.6.50-8.el8
accountsservice-debuginfo-0:0.6.50-8.el8
accountsservice-debugsource-0:0.6.50-8.el8
accountsservice-devel-0:0.6.50-8.el8
accountsservice-libs-0:0.6.50-8.el8
accountsservice-libs-debuginfo-0:0.6.50-8.el8
appstream-data-0:8-20191129.el8
baobab-0:3.28.0-4.el8
baobab-debuginfo-0:3.28.0-4.el8
baobab-debugsource-0:3.28.0-4.el8
clutter-0:1.26.2-8.el8
clutter-debuginfo-0:1.26.2-8.el8
clutter-debugsource-0:1.26.2-8.el8
clutter-devel-0:1.26.2-8.el8
clutter-doc-0:1.26.2-8.el8
clutter-tests-debuginfo-0:1.26.2-8.el8
evince-0:3.28.4-4.el8
evince-browser-plugin-0:3.28.4-4.el8
evince-browser-plugin-debuginfo-0:3.28.4-4.el8
evince-debuginfo-0:3.28.4-4.el8
evince-debugsource-0:3.28.4-4.el8
evince-libs-0:3.28.4-4.el8
evince-libs-debuginfo-0:3.28.4-4.el8
evince-nautilus-0:3.28.4-4.el8
evince-nautilus-debuginfo-0:3.28.4-4.el8
gdm-1:3.28.3-29.el8
gdm-debuginfo-1:3.28.3-29.el8
gdm-debugsource-1:3.28.3-29.el8
gjs-0:1.56.2-4.el8
gjs-debuginfo-0:1.56.2-4.el8
gjs-debugsource-0:1.56.2-4.el8
gjs-devel-0:1.56.2-4.el8
gjs-tests-debuginfo-0:1.56.2-4.el8
gnome-boxes-0:3.28.5-8.el8
gnome-boxes-debuginfo-0:3.28.5-8.el8
gnome-boxes-debugsource-0:3.28.5-8.el8
gnome-control-center-0:3.28.2-19.el8
gnome-control-center-debuginfo-0:3.28.2-19.el8
gnome-control-center-debugsource-0:3.28.2-19.el8
gnome-control-center-filesystem-0:3.28.2-19.el8
gnome-menus-0:3.13.3-11.el8
gnome-menus-debuginfo-0:3.13.3-11.el8
gnome-menus-debugsource-0:3.13.3-11.el8
gnome-menus-devel-0:3.13.3-11.el8
gnome-online-accounts-0:3.28.2-1.el8
gnome-online-accounts-debuginfo-0:3.28.2-1.el8
gnome-online-accounts-debugsource-0:3.28.2-1.el8
gnome-online-accounts-devel-0:3.28.2-1.el8
gnome-remote-desktop-0:0.1.6-8.el8
gnome-remote-desktop-debuginfo-0:0.1.6-8.el8
gnome-remote-desktop-debugsource-0:0.1.6-8.el8
gnome-session-0:3.28.1-8.el8
gnome-session-debuginfo-0:3.28.1-8.el8
gnome-session-debugsource-0:3.28.1-8.el8
gnome-session-wayland-session-0:3.28.1-8.el8
gnome-session-xsession-0:3.28.1-8.el8
gnome-settings-daemon-0:3.32.0-9.el8
gnome-settings-daemon-debuginfo-0:3.32.0-9.el8
gnome-settings-daemon-debugsource-0:3.32.0-9.el8
gnome-shell-0:3.32.2-14.el8
gnome-shell-debuginfo-0:3.32.2-14.el8
gnome-shell-debugsource-0:3.32.2-14.el8
gnome-software-0:3.30.6-3.el8
gnome-software-debuginfo-0:3.30.6-3.el8
gnome-software-debugsource-0:3.30.6-3.el8
gnome-software-editor-0:3.30.6-3.el8
gnome-software-editor-debuginfo-0:3.30.6-3.el8
gnome-terminal-0:3.28.3-1.el8
gnome-terminal-debuginfo-0:3.28.3-1.el8
gnome-terminal-debugsource-0:3.28.3-1.el8
gnome-terminal-nautilus-0:3.28.3-1.el8
gnome-terminal-nautilus-debuginfo-0:3.28.3-1.el8
gnome-tweaks-0:3.28.1-7.el8
gsettings-desktop-schemas-0:3.32.0-4.el8
gsettings-desktop-schemas-devel-0:3.32.0-4.el8
gtk-update-icon-cache-0:3.22.30-5.el8
gtk-update-icon-cache-debuginfo-0:3.22.30-5.el8
gtk3-0:3.22.30-5.el8
gtk3-debuginfo-0:3.22.30-5.el8
gtk3-debugsource-0:3.22.30-5.el8
gtk3-devel-0:3.22.30-5.el8
gtk3-devel-debuginfo-0:3.22.30-5.el8
gtk3-immodule-xim-0:3.22.30-5.el8
gtk3-immodule-xim-debuginfo-0:3.22.30-5.el8
gtk3-immodules-debuginfo-0:3.22.30-5.el8
gtk3-tests-debuginfo-0:3.22.30-5.el8
gvfs-0:1.36.2-8.el8
gvfs-afc-0:1.36.2-8.el8
gvfs-afc-debuginfo-0:1.36.2-8.el8
gvfs-afp-0:1.36.2-8.el8
gvfs-afp-debuginfo-0:1.36.2-8.el8
gvfs-archive-0:1.36.2-8.el8
gvfs-archive-debuginfo-0:1.36.2-8.el8
gvfs-client-0:1.36.2-8.el8
gvfs-client-debuginfo-0:1.36.2-8.el8
gvfs-debuginfo-0:1.36.2-8.el8
gvfs-debugsource-0:1.36.2-8.el8
gvfs-devel-0:1.36.2-8.el8
gvfs-fuse-0:1.36.2-8.el8
gvfs-fuse-debuginfo-0:1.36.2-8.el8
gvfs-goa-0:1.36.2-8.el8
gvfs-goa-debuginfo-0:1.36.2-8.el8
gvfs-gphoto2-0:1.36.2-8.el8
gvfs-gphoto2-debuginfo-0:1.36.2-8.el8
gvfs-mtp-0:1.36.2-8.el8
gvfs-mtp-debuginfo-0:1.36.2-8.el8
gvfs-smb-0:1.36.2-8.el8
gvfs-smb-debuginfo-0:1.36.2-8.el8
libvncserver-0:0.9.11-14.el8
libvncserver-debuginfo-0:0.9.11-14.el8
libvncserver-debugsource-0:0.9.11-14.el8
libvncserver-devel-0:0.9.11-14.el8
libxslt-0:1.1.32-4.el8
libxslt-debuginfo-0:1.1.32-4.el8
libxslt-debugsource-0:1.1.32-4.el8
libxslt-devel-0:1.1.32-4.el8
mozjs52-0:52.9.0-2.el8
mozjs52-debuginfo-0:52.9.0-2.el8
mozjs52-debugsource-0:52.9.0-2.el8
mozjs52-devel-0:52.9.0-2.el8
mozjs52-devel-debuginfo-0:52.9.0-2.el8
mozjs60-0:60.9.0-4.el8
mozjs60-debuginfo-0:60.9.0-4.el8
mozjs60-debugsource-0:60.9.0-4.el8
mozjs60-devel-0:60.9.0-4.el8
mutter-0:3.32.2-34.el8
mutter-debuginfo-0:3.32.2-34.el8
mutter-debugsource-0:3.32.2-34.el8
mutter-devel-0:3.32.2-34.el8
mutter-tests-debuginfo-0:3.32.2-34.el8
nautilus-0:3.28.1-12.el8
nautilus-debuginfo-0:3.28.1-12.el8
nautilus-debugsource-0:3.28.1-12.el8
nautilus-devel-0:3.28.1-12.el8
nautilus-extensions-0:3.28.1-12.el8
nautilus-extensions-debuginfo-0:3.28.1-12.el8
vala-0:0.40.19-1.el8
vala-debuginfo-0:0.40.19-1.el8
vala-debugsource-0:0.40.19-1.el8
vala-devel-0:0.40.19-1.el8
valadoc-debuginfo-0:0.40.19-1.el8
vinagre-0:3.22.0-21.el8
vinagre-debuginfo-0:3.22.0-21.el8
vinagre-debugsource-0:3.22.0-21.el8

refmap via4

fedora	FEDORA-2019-6ed5523cc0 FEDORA-2019-e6b02af8b8
misc	https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8
mlist	[oss-security] 20190709 Privileged File Access from Desktop Applications
suse	openSUSE-SU-2019:1697 openSUSE-SU-2019:1699
ubuntu	USN-4053-1

Last major update

24-08-2020 - 17:37

Published

29-05-2019 - 17:29

Last modified

24-08-2020 - 17:37