3.6
CVSSv2

CVE-2019-12749

Published: 11/06/2019 Updated: 24/08/2020
CVSS v2 Base Score: 3.6 | Impact Score: 4.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.1 | Impact Score: 5.2 | Exploitability Score: 1.8
VMScore: 320
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

dbus prior to 1.10.28, 1.12.x prior to 1.12.16, and 1.13.x prior to 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

freedesktop dbus

canonical ubuntu linux 19.04

canonical ubuntu linux 16.04

canonical ubuntu linux 18.10

canonical ubuntu linux 18.04

Vendor Advisories

Synopsis Moderate: dbus security update Type/Severity Security Advisory: Moderate Topic An update for dbus is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis Important: dbus security update Type/Severity Security Advisory: Important Topic An update for dbus is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis Important: dbus security update Type/Severity Security Advisory: Important Topic An update for dbus is now available for Red Hat Enterprise Linux 66 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...
Synopsis Important: dbus security update Type/Severity Security Advisory: Important Topic An update for dbus is now available for Red Hat Enterprise Linux 65 Advanced Update SupportRed Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring Syste ...
Synopsis Moderate: dbus security update Type/Severity Security Advisory: Moderate Topic An update for dbus is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gi ...
DBus could allow unintended access to services ...
DBus could allow unintended access to services ...
Debian Bug report logs - #930375 CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass Package: libdbus-1-3; Maintainer for libdbus-1-3 is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Source for libdbus-1-3 is src:dbus (PTS, buildd, popcon) Reported by: Simon McVittie <smcv@debian ...
Joe Vennix discovered an authentication bypass vulnerability in dbus, an asynchronous inter-process communication system The implementation of the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a symbolic link attack A local attacker could take advantage of this flaw to bypass authentication and connect to a DBusServer with elevated ...
Debian Bug report logs - #930376 CVE-2019-12795: gvfsd GetConnection() missing authorization check Package: gvfs-daemons; Maintainer for gvfs-daemons is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Source for gvfs-daemons is src:gvfs (PTS, buildd, popcon) Reported by: Simon McVittie <smcv@debi ...
dbus as used in DBusServer, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library (This only affects the DBUS_COOKIE_SHA1 authentication mechanism) A malicious client with write access to its own home directory could manipulate a ~/dbus-keyrings symlink to cause a DBusSer ...
Impact: Moderate Public Date: 2019-06-11 CWE: CWE-592 Bugzilla: 1719344: CVE-2019-12749 dbus: DBusServe ...
Arch Linux Security Advisory ASA-201906-16 ========================================== Severity: High Date : 2019-06-18 CVE-ID : CVE-2019-12749 Package : dbus Type : access restriction bypass Remote : No Link : securityarchlinuxorg/AVG-974 Summary ======= The package <a href="/package/dbus">dbus</a> before version ...
dbus before 11216 allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library (This only affects the DBUS_COOKIE_SHA1 authentication mechanism) A malicious client with write access to its own home directory could manipulate a ~/dbus-keyrings symlink to cause a DBusServer with ...
Oracle Linux Bulletin - July 2019 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical Pa ...
Oracle VM Server for x86 Bulletin - July 2019 Description The Oracle VM Server for x86 Bulletin lists all CVEs that had been resolved and announced in Oracle VM Server for x86 Security Advisories (OVMSA) in the last one month prior to the release of the bulletin Oracle VM Server for x86 Bulletins are publis ...
Synopsis Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container(CVE-20 ...
Synopsis Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...
Synopsis Low: OpenShift Container Platform 4340 security and bug fix update Type/Severity Security Advisory: Low Topic An update is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has rated this update as having a security impact of Low A Common Vulnerability Scoring S ...
AT&T has released versions 1801-za for the Vyatta 5600 Details of these releases can be found at cloudibmcom/docs/infrastructure/virtual-router-appliance?topic=virtual-router-appliance-at-t-vyatta-5600-vrouter-software-patches#at-t-vyatta-5600-vrouter-software-patches ...
IBM Security Guardium has fixed these vulnerabilities ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4462-1 security () debian org wwwdebianorg/security/ Salvatore Bonaccorso June 13, 2019 wwwdebianorg/security/faq ...

Github Repositories

Apply allowlist to grype vulnerability scans.

sanction apply allowlist to grype scans usage sanction v010 Basic allowlisting and formatting for grype scans USAGE: sanction [OPTIONS] FLAGS: -h, --help Prints help information -V, --version Prints version information OPTIONS: -l, --allowlist <allowlist> Path to allowlist [default: allowtxt] -o, --output <output&gt