CVE-2019-12749

EPSS 0.04%
Published 11.06.2019 17:29:00
Last modified 06.12.2024 14:15:18
Source cve@mitre.org
Teams watchlist Login
Open Login

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

Affected products Warnungen 0 Metrics 3 CWE 1 References 21

Data is provided by the National Vulnerability Database (NVD)

Freedesktop ≫ Dbus Version < 1.10.28

Freedesktop ≫ Dbus Version >= 1.12.0 < 1.12.16

Freedesktop ≫ Dbus Version >= 1.13.0 < 1.13.12

Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.04 SwEditionlts

Canonical ≫ Ubuntu Linux Version18.10

Canonical ≫ Ubuntu Linux Version19.04

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.105

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	3.6	3.9	4.9	AV:L/AC:L/Au:N/C:P/I:P/A:N

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html

http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html

http://www.openwall.com/lists/oss-security/2019/06/11/2

Third Party Advisory

Mailing List

Mitigation

http://www.securityfocus.com/bid/108751

https://access.redhat.com/errata/RHSA-2019:1726

https://access.redhat.com/errata/RHSA-2019:2868

https://access.redhat.com/errata/RHSA-2019:2870

https://access.redhat.com/errata/RHSA-2019:3707