ASA-201906-16 log original external raw
[ASA-201906-16] dbus: access restriction bypass |
---|
Arch Linux Security Advisory ASA-201906-16
==========================================
Severity: High
Date : 2019-06-18
CVE-ID : CVE-2019-12749
Package : dbus
Type : access restriction bypass
Remote : No
Link : https://security.archlinux.org/AVG-974
Summary
=======
The package dbus before version 1.12.16-1 is vulnerable to access
restriction bypass.
Resolution
==========
Upgrade to 1.12.16-1.
# pacman -Syu "dbus>=1.12.16-1"
The problem has been fixed upstream in version 1.12.16.
Workaround
==========
None.
Description
===========
It has been discovered that dbus before 1.12.16 allows cookie spoofing
because of symlink mishandling in the reference implementation of
DBUS_COOKIE_SHA1 in the libdbus library. This issue only affects the
DBUS_COOKIE_SHA1 authentication mechanism.
A malicious client with write access to its own home directory could
manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a
different uid to read and write in unintended locations. In the worst
case, this could result in the DBusServer reusing a cookie that is
known to the malicious client, and treating that cookie as evidence
that a subsequent client connection came from an attacker-chosen uid,
allowing authentication bypass.
Impact
======
A local attacker could use this issue to bypass authentication and
escalate privileges.
References
==========
https://www.openwall.com/lists/oss-security/2019/06/11/2
https://gitlab.freedesktop.org/dbus/dbus/issues/269
https://gitlab.freedesktop.org/dbus/dbus/commit/47b1a4c41004bf494b87370987b222c934b19016
https://security.archlinux.org/CVE-2019-12749
|