DBusServer Vulnerability in Canonical Upstart on Ubuntu
CVE-2019-12749

7.1 HIGH

Key Information:

Status
Vendor
CVE Published: 11 June 2019

What is CVE-2019-12749?

A vulnerability in the DBusServer implementation of DBUS_COOKIE_SHA1 allows a malicious user with write access to their own home directory to forge cookie credentials through symlink manipulation. The DBusServer may then incorrectly validate a reused cookie, which lets the attacker impersonate a different user identity and bypass the standard authentication mechanism.

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
