UBUNTU-CVE-2019-3827

Source
https://ubuntu.com/security/CVE-2019-3827
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2019/UBUNTU-CVE-2019-3827.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2019-3827
Related
Published
2019-02-11T00:00:00Z
Modified
2019-02-11T00:00:00Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
  • 6.3 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running under privileges of users belonging to the wheel group to further escalate its privileges by modifying system files without user's knowledge. Successful exploitation requires uncommon system configuration.

References

Affected packages

Ubuntu:18.04:LTS / gvfs

Package

Name
gvfs
Purl
pkg:deb/ubuntu/gvfs?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.36.1-0ubuntu1.3

Affected versions

1.*

1.34.1-1ubuntu1
1.34.1-1ubuntu3
1.34.1-1ubuntu4
1.34.1-2ubuntu2
1.35.91-1ubuntu1
1.35.91-1ubuntu2
1.36.0-1ubuntu1
1.36.1-0ubuntu1
1.36.1-0ubuntu1.1
1.36.1-0ubuntu1.2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-backends"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-backends-dbgsym"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-bin"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-common"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-daemons"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-daemons-dbgsym"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-dbgsym"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-fuse"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-fuse-dbgsym"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-libs"
        },
        {
            "binary_version": "1.36.1-0ubuntu1.3",
            "binary_name": "gvfs-libs-dbgsym"
        }
    ]
}