7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
83.9%
GNOME VFS is the GNOME virtual file system. It provides a modular
architecture and ships with several modules that implement support for file
systems, HTTP, FTP, and others. The extfs backends make it possible to
implement file systems for GNOME VFS using scripts.
Flaws have been found in several of the GNOME VFS extfs backend scripts.
Red Hat Enterprise Linux ships with vulnerable scripts, but they are not
used by default. An attacker who is able to influence a user to open a
specially-crafted URI using gnome-vfs could perform actions as that user.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2004-0494 to this issue.
Users of Red Hat Enterprise Linux should upgrade to these updated packages,
which remove these unused scripts.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | i386 | gnome-vfs2-devel | < 2.2.5-2E.1 | gnome-vfs2-devel-2.2.5-2E.1.i386.rpm |
RedHat | any | x86_64 | gnome-vfs2-devel | < 2.2.5-2E.1 | gnome-vfs2-devel-2.2.5-2E.1.x86_64.rpm |
RedHat | any | ppc | gnome-vfs2-devel | < 2.2.5-2E.1 | gnome-vfs2-devel-2.2.5-2E.1.ppc.rpm |
RedHat | any | ppc | gnome-vfs2 | < 2.2.5-2E.1 | gnome-vfs2-2.2.5-2E.1.ppc.rpm |
RedHat | any | ia64 | gnome-vfs2-devel | < 2.2.5-2E.1 | gnome-vfs2-devel-2.2.5-2E.1.ia64.rpm |
RedHat | any | x86_64 | gnome-vfs2 | < 2.2.5-2E.1 | gnome-vfs2-2.2.5-2E.1.x86_64.rpm |
RedHat | any | s390 | gnome-vfs2-devel | < 2.2.5-2E.1 | gnome-vfs2-devel-2.2.5-2E.1.s390.rpm |
RedHat | any | s390x | gnome-vfs2 | < 2.2.5-2E.1 | gnome-vfs2-2.2.5-2E.1.s390x.rpm |
RedHat | any | ia64 | gnome-vfs-devel | < 1.0.1-18.1 | gnome-vfs-devel-1.0.1-18.1.ia64.rpm |
RedHat | any | i386 | gnome-vfs | < 1.0.1-18.1 | gnome-vfs-1.0.1-18.1.i386.rpm |