Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2019-13012

Disclosure Date: June 28, 2019
CVE-2019-13012
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The keyfile settings backend in GNOME GLib (aka glib2.0) before 2.60.0 creates directories using g_file_make_directory_with_parents (kfsb->dir, NULL, NULL) and files using g_file_replace_contents (kfsb->file, contents, length, NULL, FALSE, G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL). Consequently, it does not properly restrict directory (and file) permissions. Instead, for directories, 0777 permissions are used; for files, default file permissions are used. This is similar to CVE-2019-12450.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • gnome

Products

  • glib

References

Canonical
CVE-2019-13012 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13012)
Advisory
USN-4049-1 (https://usn.ubuntu.com/4049-1)
USN-4049-2 (https://usn.ubuntu.com/4049-2)
http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00022.html
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931234#12
[debian-lts-announce] 20190731 [SECURITY] [DLA 1866-1] glib2.0 security update (https://lists.debian.org/debian-lts-announce/2019/07/msg00029.html)
[debian-lts-announce] 20190805 [SECURITY] [DLA 1866-2] glib2.0 regression update (https://lists.debian.org/debian-lts-announce/2019/08/msg00004.html)
https://security.netapp.com/advisory/ntap-20190806-0003
USN-4049-1 (https://usn.ubuntu.com/4049-1/)
USN-4049-2 (https://usn.ubuntu.com/4049-2/)
https://security.netapp.com/advisory/ntap-20190806-0003/
[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 (https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E)
[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8 (https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E)
Miscellaneous
https://gitlab.gnome.org/GNOME/glib/issues/1658
https://gitlab.gnome.org/GNOME/glib/merge_requests/450
https://gitlab.gnome.org/GNOME/glib/commit/5e4da714f00f6bfb2ccd6d73d61329c6f3a08429

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis