ID CVE-2019-12449
Summary An issue was discovered in GNOME gvfs 1.29.4 through 1.41.2. daemon/gvfsbackendadmin.c mishandles a file's user and group ownership during move (and copy with G_FILE_COPY_ALL_METADATA) operations from admin:// to file:// URIs, because root privileges are unavailable.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:gvfs:1.29.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.29.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.29.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.30.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.30.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.31.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.31.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.32.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.32.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.32.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.32.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.32.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.32.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.33.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.33.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.34.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.34.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.34.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.34.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.34.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.34.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.34.2.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.34.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.35.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.35.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.36.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.36.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.36.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.36.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.36.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.36.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.36.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.36.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.37.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.37.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.38.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.38.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.38.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.38.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.38.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.38.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.38.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.38.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.39.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.39.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.39.3:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.39.3:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.39.4:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.39.4:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.39.90:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.39.90:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.39.91:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.39.91:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.39.92:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.39.92:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.40.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.40.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.40.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.40.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.40.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.40.2:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.41.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.41.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:gvfs:1.41.2:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:gvfs:1.41.2:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 3.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-755
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:M/Au:S/C:P/I:N/A:N
redhat via4
rpms
  • LibRaw-0:0.19.5-1.el8
  • LibRaw-debuginfo-0:0.19.5-1.el8
  • LibRaw-debugsource-0:0.19.5-1.el8
  • LibRaw-devel-0:0.19.5-1.el8
  • LibRaw-samples-debuginfo-0:0.19.5-1.el8
  • accountsservice-0:0.6.50-8.el8
  • accountsservice-debuginfo-0:0.6.50-8.el8
  • accountsservice-debugsource-0:0.6.50-8.el8
  • accountsservice-devel-0:0.6.50-8.el8
  • accountsservice-libs-0:0.6.50-8.el8
  • accountsservice-libs-debuginfo-0:0.6.50-8.el8
  • appstream-data-0:8-20191129.el8
  • baobab-0:3.28.0-4.el8
  • baobab-debuginfo-0:3.28.0-4.el8
  • baobab-debugsource-0:3.28.0-4.el8
  • clutter-0:1.26.2-8.el8
  • clutter-debuginfo-0:1.26.2-8.el8
  • clutter-debugsource-0:1.26.2-8.el8
  • clutter-devel-0:1.26.2-8.el8
  • clutter-doc-0:1.26.2-8.el8
  • clutter-tests-debuginfo-0:1.26.2-8.el8
  • evince-0:3.28.4-4.el8
  • evince-browser-plugin-0:3.28.4-4.el8
  • evince-browser-plugin-debuginfo-0:3.28.4-4.el8
  • evince-debuginfo-0:3.28.4-4.el8
  • evince-debugsource-0:3.28.4-4.el8
  • evince-libs-0:3.28.4-4.el8
  • evince-libs-debuginfo-0:3.28.4-4.el8
  • evince-nautilus-0:3.28.4-4.el8
  • evince-nautilus-debuginfo-0:3.28.4-4.el8
  • gdm-1:3.28.3-29.el8
  • gdm-debuginfo-1:3.28.3-29.el8
  • gdm-debugsource-1:3.28.3-29.el8
  • gjs-0:1.56.2-4.el8
  • gjs-debuginfo-0:1.56.2-4.el8
  • gjs-debugsource-0:1.56.2-4.el8
  • gjs-devel-0:1.56.2-4.el8
  • gjs-tests-debuginfo-0:1.56.2-4.el8
  • gnome-boxes-0:3.28.5-8.el8
  • gnome-boxes-debuginfo-0:3.28.5-8.el8
  • gnome-boxes-debugsource-0:3.28.5-8.el8
  • gnome-control-center-0:3.28.2-19.el8
  • gnome-control-center-debuginfo-0:3.28.2-19.el8
  • gnome-control-center-debugsource-0:3.28.2-19.el8
  • gnome-control-center-filesystem-0:3.28.2-19.el8
  • gnome-menus-0:3.13.3-11.el8
  • gnome-menus-debuginfo-0:3.13.3-11.el8
  • gnome-menus-debugsource-0:3.13.3-11.el8
  • gnome-menus-devel-0:3.13.3-11.el8
  • gnome-online-accounts-0:3.28.2-1.el8
  • gnome-online-accounts-debuginfo-0:3.28.2-1.el8
  • gnome-online-accounts-debugsource-0:3.28.2-1.el8
  • gnome-online-accounts-devel-0:3.28.2-1.el8
  • gnome-remote-desktop-0:0.1.6-8.el8
  • gnome-remote-desktop-debuginfo-0:0.1.6-8.el8
  • gnome-remote-desktop-debugsource-0:0.1.6-8.el8
  • gnome-session-0:3.28.1-8.el8
  • gnome-session-debuginfo-0:3.28.1-8.el8
  • gnome-session-debugsource-0:3.28.1-8.el8
  • gnome-session-wayland-session-0:3.28.1-8.el8
  • gnome-session-xsession-0:3.28.1-8.el8
  • gnome-settings-daemon-0:3.32.0-9.el8
  • gnome-settings-daemon-debuginfo-0:3.32.0-9.el8
  • gnome-settings-daemon-debugsource-0:3.32.0-9.el8
  • gnome-shell-0:3.32.2-14.el8
  • gnome-shell-debuginfo-0:3.32.2-14.el8
  • gnome-shell-debugsource-0:3.32.2-14.el8
  • gnome-software-0:3.30.6-3.el8
  • gnome-software-debuginfo-0:3.30.6-3.el8
  • gnome-software-debugsource-0:3.30.6-3.el8
  • gnome-software-editor-0:3.30.6-3.el8
  • gnome-software-editor-debuginfo-0:3.30.6-3.el8
  • gnome-terminal-0:3.28.3-1.el8
  • gnome-terminal-debuginfo-0:3.28.3-1.el8
  • gnome-terminal-debugsource-0:3.28.3-1.el8
  • gnome-terminal-nautilus-0:3.28.3-1.el8
  • gnome-terminal-nautilus-debuginfo-0:3.28.3-1.el8
  • gnome-tweaks-0:3.28.1-7.el8
  • gsettings-desktop-schemas-0:3.32.0-4.el8
  • gsettings-desktop-schemas-devel-0:3.32.0-4.el8
  • gtk-update-icon-cache-0:3.22.30-5.el8
  • gtk-update-icon-cache-debuginfo-0:3.22.30-5.el8
  • gtk3-0:3.22.30-5.el8
  • gtk3-debuginfo-0:3.22.30-5.el8
  • gtk3-debugsource-0:3.22.30-5.el8
  • gtk3-devel-0:3.22.30-5.el8
  • gtk3-devel-debuginfo-0:3.22.30-5.el8
  • gtk3-immodule-xim-0:3.22.30-5.el8
  • gtk3-immodule-xim-debuginfo-0:3.22.30-5.el8
  • gtk3-immodules-debuginfo-0:3.22.30-5.el8
  • gtk3-tests-debuginfo-0:3.22.30-5.el8
  • gvfs-0:1.36.2-8.el8
  • gvfs-afc-0:1.36.2-8.el8
  • gvfs-afc-debuginfo-0:1.36.2-8.el8
  • gvfs-afp-0:1.36.2-8.el8
  • gvfs-afp-debuginfo-0:1.36.2-8.el8
  • gvfs-archive-0:1.36.2-8.el8
  • gvfs-archive-debuginfo-0:1.36.2-8.el8
  • gvfs-client-0:1.36.2-8.el8
  • gvfs-client-debuginfo-0:1.36.2-8.el8
  • gvfs-debuginfo-0:1.36.2-8.el8
  • gvfs-debugsource-0:1.36.2-8.el8
  • gvfs-devel-0:1.36.2-8.el8
  • gvfs-fuse-0:1.36.2-8.el8
  • gvfs-fuse-debuginfo-0:1.36.2-8.el8
  • gvfs-goa-0:1.36.2-8.el8
  • gvfs-goa-debuginfo-0:1.36.2-8.el8
  • gvfs-gphoto2-0:1.36.2-8.el8
  • gvfs-gphoto2-debuginfo-0:1.36.2-8.el8
  • gvfs-mtp-0:1.36.2-8.el8
  • gvfs-mtp-debuginfo-0:1.36.2-8.el8
  • gvfs-smb-0:1.36.2-8.el8
  • gvfs-smb-debuginfo-0:1.36.2-8.el8
  • libvncserver-0:0.9.11-14.el8
  • libvncserver-debuginfo-0:0.9.11-14.el8
  • libvncserver-debugsource-0:0.9.11-14.el8
  • libvncserver-devel-0:0.9.11-14.el8
  • libxslt-0:1.1.32-4.el8
  • libxslt-debuginfo-0:1.1.32-4.el8
  • libxslt-debugsource-0:1.1.32-4.el8
  • libxslt-devel-0:1.1.32-4.el8
  • mozjs52-0:52.9.0-2.el8
  • mozjs52-debuginfo-0:52.9.0-2.el8
  • mozjs52-debugsource-0:52.9.0-2.el8
  • mozjs52-devel-0:52.9.0-2.el8
  • mozjs52-devel-debuginfo-0:52.9.0-2.el8
  • mozjs60-0:60.9.0-4.el8
  • mozjs60-debuginfo-0:60.9.0-4.el8
  • mozjs60-debugsource-0:60.9.0-4.el8
  • mozjs60-devel-0:60.9.0-4.el8
  • mutter-0:3.32.2-34.el8
  • mutter-debuginfo-0:3.32.2-34.el8
  • mutter-debugsource-0:3.32.2-34.el8
  • mutter-devel-0:3.32.2-34.el8
  • mutter-tests-debuginfo-0:3.32.2-34.el8
  • nautilus-0:3.28.1-12.el8
  • nautilus-debuginfo-0:3.28.1-12.el8
  • nautilus-debugsource-0:3.28.1-12.el8
  • nautilus-devel-0:3.28.1-12.el8
  • nautilus-extensions-0:3.28.1-12.el8
  • nautilus-extensions-debuginfo-0:3.28.1-12.el8
  • vala-0:0.40.19-1.el8
  • vala-debuginfo-0:0.40.19-1.el8
  • vala-debugsource-0:0.40.19-1.el8
  • vala-devel-0:0.40.19-1.el8
  • valadoc-debuginfo-0:0.40.19-1.el8
  • vinagre-0:3.22.0-21.el8
  • vinagre-debuginfo-0:3.22.0-21.el8
  • vinagre-debugsource-0:3.22.0-21.el8
refmap via4
fedora
  • FEDORA-2019-6ed5523cc0
  • FEDORA-2019-e6b02af8b8
misc https://gitlab.gnome.org/GNOME/gvfs/commit/409619412e11be146a31b9a99ed965925f1aabb8
mlist [oss-security] 20190709 Privileged File Access from Desktop Applications
suse
  • openSUSE-SU-2019:1697
  • openSUSE-SU-2019:1699
ubuntu USN-4053-1
Last major update 24-08-2020 - 17:37
Published 29-05-2019 - 17:29
Last modified 24-08-2020 - 17:37
Back to Top