Local D-Bus Server Socket Vulnerability in GNOME gvfs

CVE-2019-12795

What is CVE-2019-12795?

A local attacker can exploit a security flaw in gvfsd, present in versions of GNOME gvfs prior to 1.38.3, 1.40.x before 1.40.2, and 1.41.x before 1.41.3. This issue arises from the improper configuration of an authorization rule, which allows the attacker to connect to an exposed private D-Bus server socket. Given that the socket accepts only a single connection, the attacker must successfully connect before the legitimate user does, enabling unauthorized D-Bus method calls and potential system compromise.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

References