17 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-12447
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not used. CVE-2019-12447 No...
RHEL 7 : gvfs (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - gvfs: race condition in daemon/gvfsbackendadmin.c due to admin backend not implementing...
Rocky Linux 8 : GNOME (RLSA-2020:1766)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2020:1766 advisory. - There is a stack-based buffer overflow in the parsemakernote function of dcrawcommon.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of...
AlmaLinux 8 : GNOME (ALSA-2020:1766)
The remote AlmaLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2020:1766 advisory. - There is a stack-based buffer overflow in the parsemakernote function of dcrawcommon.cpp in LibRaw 0.19.1. Crafted input will lead to a denial of servic...
Mageia: Security Advisory (MGASA-2019-0214)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE: Security Advisory for gvfs (openSUSE-SU-2019:1697-1)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
EulerOS 2.0 SP8 : gvfs (EulerOS-SA-2019-2079)
According to the versions of the gvfs packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles file ownership because setfsuid is not...
Fedora 29 : gvfs (2019-e6b02af8b8)
Update to 1.38.3 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...
Fedora 30 : gvfs (2019-6ed5523cc0)
Update to 1.40.2 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...
CVE-2019-12447
It was discovered that gvfs incorrectly set the ownership of files handled by the admin:// backend. An attacker could abuse this flaw when the destination file of a copy/move operation is handled by the admin:// backend. The attacker would have access to the target files with the ability to read...
Ubuntu 16.04 LTS / 18.04 LTS : GVfs vulnerabilities (USN-4053-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4053-1 advisory. It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong...
Ubuntu: Security Advisory (USN-4053-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
USN-4053-1: GVfs vulnerabilities
It was discovered that GVfs incorrectly handled the admin backend. Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04. CVE-2019-12447, CVE-2019-12448,...
openSUSE Security Update : gvfs (openSUSE-2019-1699)
This update for gvfs fixes the following issues : Security issues fixed : - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls bsc1137930. - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of...
openSUSE Security Update : gvfs (openSUSE-2019-1697)
This update for gvfs fixes the following issues : Security issues fixed : - CVE-2019-12795: Fixed a vulnerability which could have allowed attacks via local D-Bus method calls bsc1137930. - CVE-2019-12447: Fixed an improper handling of file ownership in daemon/gvfsbackendadmin.c due to no use of...
openSUSE: Security Advisory for gvfs (openSUSE-SU-2019:1699-1)
The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2019-12447
The CVE-2019-12447 entry affects GNOME gvfs, specifically the gvfsbackendadmin.c component. The root cause is mishandling of file ownership because setfsuid is not used in daemon/gvfsbackendadmin.c, as described for gvfs versions 1.29.4 through 1.41.2. Consequence notes in connected documents ind...