CVE-2019-12795
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-12795
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12795.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2019-12795
- Downstream
- Related
- Published
- 2019-06-11T22:29:06Z
- Modified
- 2025-10-08T03:38:15.011380Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
daemon/gvfsdaemon.c in gvfsd from GNOME gvfs before 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3 opened a private D-Bus server socket without configuring an authorization rule. A local attacker could connect to this server socket and issue D-Bus method calls. (Note that the server socket only accepts a single connection, so the attacker would have to discover the server and connect to the socket before its owner does.)
- References
-
- https://access.redhat.com/errata/RHSA-2019:3553
- https://gitlab.gnome.org/GNOME/gvfs/commit/70dbfc68a79faac49bd3423e079cb6902522082a
- https://gitlab.gnome.org/GNOME/gvfs/commit/d8c9138bf240975848b1c54db648ec4cd516a48f
- https://gitlab.gnome.org/GNOME/gvfs/commit/e3808a1b4042761055b1d975333a8243d67b8bfe
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00009.html
- http://www.securityfocus.com/bid/108741
- https://lists.debian.org/debian-lts-announce/2019/06/msg00014.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FP6BFQUPQRVRRFIYHFWWB6RHJNEB4LGQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M2DQVOL5H5BVLXYCEB763DCIYJQ7ZUQ2/
- https://usn.ubuntu.com/4053-1/
Affected packages
Git / github.com/gnome/gvfs
Affected ranges
- Type
- GIT
- Repo
- https://github.com/gnome/gvfs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
- Type
- GIT
- Repo
- https://gitlab.gnome.org/GNOME/gvfs
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
1.*
1.10.0
1.11.0
1.11.1
1.11.2
1.11.3
1.11.4
1.11.5
1.12.0
1.12.1
1.13.0
1.13.1
1.13.2
1.13.3
1.13.4
1.13.5
1.13.6
1.13.7
1.13.8
1.13.9
1.14.0
1.15.0
1.15.1
1.15.2
1.15.3
1.15.4
1.16.0
1.17.0
1.17.1
1.17.2
1.17.3
1.17.90
1.18.0
1.18.1
1.18.2
1.19.1
1.19.2
1.19.3
1.19.4
1.19.5
1.19.90
1.20.0
1.21.1
1.21.2
1.21.3
1.21.4
1.21.90
1.21.92
1.22.0
1.23.1
1.23.2
1.23.3
1.23.4
1.23.90
1.23.92
1.24.0
1.25.1
1.25.2
1.25.3
1.25.4
1.25.4.1
1.25.90
1.25.91
1.25.92
1.26.0
1.26.1
1.26.1.1
1.26.2
1.27.3
1.27.4
1.27.90
1.27.91
1.27.92
1.28.0
1.28.1
1.29.1
1.29.2
1.29.3
1.29.4
1.29.90
1.29.91
1.29.92
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.30.0
1.31.1
1.31.2
1.31.3
1.31.4
1.31.90
1.31.91
1.31.92
1.32.0
1.33.1
1.33.3
1.33.90
1.33.91
1.33.92
1.34.0
1.35.1
1.35.2
1.35.3
1.35.4
1.35.90
1.35.91
1.35.92
1.36.0
1.37.1
1.37.2
1.37.4
1.37.90
1.37.91
1.38.0
1.38.1
1.38.2
1.39.1
1.39.3
1.39.4
1.39.90
1.39.91
1.39.92
1.4.0
1.40.0
1.40.1
1.41.1
1.41.2
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.7.0
1.7.1
1.7.2
1.7.3
1.9.0
1.9.1
1.9.2
1.9.3
1.9.4
1.9.5
Other
GVFS_0_0_1
GVFS_0_0_2
GVFS_0_1_0
GVFS_0_1_1
GVFS_0_1_10
GVFS_0_1_11
GVFS_0_1_2
GVFS_0_1_3
GVFS_0_1_4
GVFS_0_1_5
GVFS_0_1_6
GVFS_0_1_7
GVFS_0_1_8
GVFS_0_1_9
GVFS_0_2_0
GVFS_0_2_0_1
GVFS_0_2_1
GVFS_0_2_2
GVFS_0_2_4
GVFS_0_99_1
GVFS_0_99_2
GVFS_0_99_3
GVFS_0_99_4
GVFS_0_99_5
GVFS_0_99_6
GVFS_0_99_7
GVFS_1_1_1
GVFS_1_1_2
GVFS_1_1_3
GVFS_1_1_4
GVFS_1_1_5
GVFS_1_1_6
GVFS_1_1_7
GVFS_1_1_8
GVFS_1_2_1
GVFS_1_2_2
Database specific
{
"vanir_signatures": [
{
"signature_version": "v1",
"digest": {
"length": 788.0,
"function_hash": "260847502622409619292779471927008858971"
},
"id": "CVE-2019-12795-099c33e6",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c",
"function": "g_vfs_daemon_finalize"
},
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/gvfs@70dbfc68a79faac49bd3423e079cb6902522082a"
},
{
"signature_version": "v1",
"digest": {
"length": 881.0,
"function_hash": "122317140833222875799533544001559550918"
},
"id": "CVE-2019-12795-1736f68d",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c",
"function": "handle_get_connection"
},
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/gvfs@e3808a1b4042761055b1d975333a8243d67b8bfe"
},
{
"signature_version": "v1",
"digest": {
"length": 1683.0,
"function_hash": "45335142991908048850859058299857565986"
},
"id": "CVE-2019-12795-243cfe05",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c",
"function": "g_vfs_daemon_init"
},
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/gvfs@e3808a1b4042761055b1d975333a8243d67b8bfe"
},
{
"signature_version": "v1",
"digest": {
"length": 1683.0,
"function_hash": "45335142991908048850859058299857565986"
},
"id": "CVE-2019-12795-26b384e6",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c",
"function": "g_vfs_daemon_init"
},
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/gvfs@70dbfc68a79faac49bd3423e079cb6902522082a"
},
{
"signature_version": "v1",
"digest": {
"length": 788.0,
"function_hash": "260847502622409619292779471927008858971"
},
"id": "CVE-2019-12795-6564d210",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c",
"function": "g_vfs_daemon_finalize"
},
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/gvfs@e3808a1b4042761055b1d975333a8243d67b8bfe"
},
{
"signature_version": "v1",
"digest": {
"length": 881.0,
"function_hash": "122317140833222875799533544001559550918"
},
"id": "CVE-2019-12795-6a721d2c",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c",
"function": "handle_get_connection"
},
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/gvfs@d8c9138bf240975848b1c54db648ec4cd516a48f"
},
{
"signature_version": "v1",
"digest": {
"length": 1683.0,
"function_hash": "45335142991908048850859058299857565986"
},
"id": "CVE-2019-12795-8685fad0",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c",
"function": "g_vfs_daemon_init"
},
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/gvfs@d8c9138bf240975848b1c54db648ec4cd516a48f"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"202250683871061836011757592528105526267",
"201515347353904563617957138196383894103",
"4475450305315191071107058679750007501",
"24713737879894399815118231771454515989",
"18683510416179814490481082309098974202",
"309028196496005031498698124258079682922",
"149084874730935543806618573127165592157",
"204331926161744637474946895562570874144",
"70876256530375104550855307606044083304",
"126906244417576701741993537493109047124",
"220762000836528630128511943658518269288",
"312129091379922289298716051949334978477",
"328440218195079683635530675818577656548",
"162662242332415065681266821072996997654",
"29127584062838663407548935586734896295",
"148385315265121300316597790381879520220",
"260994257354779420739327764368110071050",
"186574111959266575641265468925696768397"
]
},
"id": "CVE-2019-12795-894cb75a",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c"
},
"signature_type": "Line",
"source": "https://gitlab.gnome.org/GNOME/gvfs@70dbfc68a79faac49bd3423e079cb6902522082a"
},
{
"signature_version": "v1",
"digest": {
"length": 788.0,
"function_hash": "260847502622409619292779471927008858971"
},
"id": "CVE-2019-12795-9bdbecdb",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c",
"function": "g_vfs_daemon_finalize"
},
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/gvfs@d8c9138bf240975848b1c54db648ec4cd516a48f"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"202250683871061836011757592528105526267",
"201515347353904563617957138196383894103",
"4475450305315191071107058679750007501",
"24713737879894399815118231771454515989",
"18683510416179814490481082309098974202",
"309028196496005031498698124258079682922",
"149084874730935543806618573127165592157",
"204331926161744637474946895562570874144",
"70876256530375104550855307606044083304",
"126906244417576701741993537493109047124",
"220762000836528630128511943658518269288",
"312129091379922289298716051949334978477",
"328440218195079683635530675818577656548",
"162662242332415065681266821072996997654",
"29127584062838663407548935586734896295",
"148385315265121300316597790381879520220",
"260994257354779420739327764368110071050",
"186574111959266575641265468925696768397"
]
},
"id": "CVE-2019-12795-b3060bce",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c"
},
"signature_type": "Line",
"source": "https://gitlab.gnome.org/GNOME/gvfs@d8c9138bf240975848b1c54db648ec4cd516a48f"
},
{
"signature_version": "v1",
"digest": {
"length": 881.0,
"function_hash": "122317140833222875799533544001559550918"
},
"id": "CVE-2019-12795-dcbbf5e8",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c",
"function": "handle_get_connection"
},
"signature_type": "Function",
"source": "https://gitlab.gnome.org/GNOME/gvfs@70dbfc68a79faac49bd3423e079cb6902522082a"
},
{
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"202250683871061836011757592528105526267",
"201515347353904563617957138196383894103",
"4475450305315191071107058679750007501",
"24713737879894399815118231771454515989",
"18683510416179814490481082309098974202",
"309028196496005031498698124258079682922",
"149084874730935543806618573127165592157",
"204331926161744637474946895562570874144",
"70876256530375104550855307606044083304",
"126906244417576701741993537493109047124",
"220762000836528630128511943658518269288",
"312129091379922289298716051949334978477",
"328440218195079683635530675818577656548",
"162662242332415065681266821072996997654",
"29127584062838663407548935586734896295",
"148385315265121300316597790381879520220",
"260994257354779420739327764368110071050",
"186574111959266575641265468925696768397"
]
},
"id": "CVE-2019-12795-fe01d51c",
"deprecated": false,
"target": {
"file": "daemon/gvfsdaemon.c"
},
"signature_type": "Line",
"source": "https://gitlab.gnome.org/GNOME/gvfs@e3808a1b4042761055b1d975333a8243d67b8bfe"
}
]
}