#VU17775 Security restrictions bypass in gvfs - CVE-2019-3827

Cybersecurity Help s.r.o.

Published: 2019-02-19

Vulnerability identifier: #VU17775

Vulnerability risk: Low

CVSSv4.0: 4.8 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2019-3827

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
gvfs
Client/Desktop applications / Other client software

Vendor: Gnome Development Team

Description

The vulnerability allows a local attacker to escalate privileges on the system.

The vulnerability exists due to incorrect permission check in the admin backend. A local attacker can run malicious programs under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

gvfs: 1.38.1-1

External links
https://gitlab.gnome.org/GNOME/gvfs/issues/355

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Red Hat update for gvfs

OpenSUSE Linux update for gvfs

Ubuntu update for GVfs