Debian Bug report logs -
#930376
CVE-2019-12795: gvfsd GetConnection() missing authorization check
Package:
gvfs-daemons;
Maintainer for gvfs-daemons is Debian GNOME Maintainers <pkg-gnome-maintainers@lists.alioth.debian.org>; Source for gvfs-daemons is src:gvfs (PTS, buildd, popcon)
Reported by: Simon McVittie <smcv@debi ...
Debian Bug report logs -
#930375
CVE-2019-12749: DBusServer DBUS_COOKIE_SHA1 authentication bypass
Package:
libdbus-1-3;
Maintainer for libdbus-1-3 is Utopia Maintenance Team <pkg-utopia-maintainers@lists.alioth.debian.org>; Source for libdbus-1-3 is src:dbus (PTS, buildd, popcon)
Reported by: Simon McVittie <smcv@debian ...
DBus could allow unintended access to services ...
Joe Vennix discovered an authentication bypass vulnerability in dbus, an
asynchronous inter-process communication system. The implementation of
the DBUS_COOKIE_SHA1 authentication mechanism was susceptible to a
symbolic link attack. A local attacker could take advantage of this flaw
to bypass authentication and connect to a DBusServer with elevated ...
Synopsis
Moderate: dbus security update
Type/Severity
Security Advisory: Moderate
Topic
An update for dbus is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis
Moderate: dbus security update
Type/Severity
Security Advisory: Moderate
Topic
An update for dbus is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gi ...
Synopsis
Important: dbus security update
Type/Severity
Security Advisory: Important
Topic
An update for dbus is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which ...
Synopsis
Important: dbus security update
Type/Severity
Security Advisory: Important
Topic
An update for dbus is now available for Red Hat Enterprise Linux 6.5 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Important: dbus security update
Type/Severity
Security Advisory: Important
Topic
An update for dbus is now available for Red Hat Enterprise Linux 6.6 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring Syste ...
Synopsis
Low: OpenShift Container Platform 4.3.40 security and bug fix update
Type/Severity
Security Advisory: Low
Topic
An update is now available for Red Hat OpenShift Container Platform 4.3. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring S ...
Synopsis
Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)
Description
Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-20 ...
Synopsis
Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)
Type/Severity
Security Advisory: Moderate
Topic
Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)
Description
Updated python-psutil version to 5.6.6 inside ansible-runner container (CVE-2 ...
A flaw was found in dbus. The implementation of DBUS_COOKIE_SHA1 is susceptible to a symbolic link attack. A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations, resulting in an authentication bypass. The highest threat from this vu ...
dbus as used in DBusServer, allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusSer ...
Impact:
Moderate
Public Date:
2019-06-11
CWE:
CWE-592
Bugzilla:
1719344:
CVE-2019-12749 dbus: DBusServe ...
dbus before 1.12.16 allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with ...