[ASA-201906-16] dbus: access restriction bypass
anthraxx at archlinux.org
Wed Jun 19 11:39:12 UTC 2019
Arch Linux Security Advisory ASA-201906-16
Date : 2019-06-18
CVE-ID : CVE-2019-12749
Package : dbus
Type : access restriction bypass
Remote : No
Link : https://security.archlinux.org/AVG-974
The package dbus before version 1.12.16-1 is vulnerable to access restriction bypass.
Upgrade to 1.12.16-1.
# pacman -Syu "dbus>=1.12.16-1"
The problem has been fixed upstream in version 1.12.16.
It has been discovered that dbus before 1.12.16 allows cookie spoofing
because of symlink mishandling in the reference implementation of
DBUS_COOKIE_SHA1 in the libdbus library. This issue only affects the
DBUS_COOKIE_SHA1 authentication mechanism.
A malicious client with write access to its own home directory could
manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a
different uid to read and write in unintended locations. In the worst
case, this could result in the DBusServer reusing a cookie that is
known to the malicious client, and treating that cookie as evidence
that a subsequent client connection came from an attacker-chosen uid,
allowing authentication bypass.
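The mechanism and the check described above, as an added example (Python, written for this page; it is not libdbus code). It models the DBUS_COOKIE_SHA1 exchange as the D-Bus specification describes it (server sends "context cookie_id server_challenge", client replies "client_challenge SHA1(server_challenge:client_challenge:cookie)", cookies live in ~/.dbus-keyrings/<context> as "id timestamp cookie" lines) and adds the keyring-directory sanity check a server must perform before trusting that directory: refuse a symlink, a wrong owner, or group/other access. The function names, the temporary directory layout and the demo scenario are assumptions of this example; real libdbus additionally locks and validates the keyring file itself.

```python
"""Model of DBUS_COOKIE_SHA1 plus a keyring-directory check (added example,
not code from dbus/libdbus). File layout follows the D-Bus specification."""
import hashlib
import os
import secrets
import stat
import tempfile

KEYRING_DIRNAME = ".dbus-keyrings"
CONTEXT = "org_freedesktop_general"   # default cookie context in the spec


def keyring_dir_is_safe(keyring_dir, expected_uid):
    """A server must only read/write cookies in a directory that is a real
    directory (not a symlink), owned by the uid being authenticated, and
    closed to group/others. Skipping this is the shape of the bug: a
    ~/.dbus-keyrings symlink redirects the server's reads and writes."""
    try:
        st = os.lstat(keyring_dir)          # lstat: never follow a symlink here
    except FileNotFoundError:
        return False
    if stat.S_ISLNK(st.st_mode) or not stat.S_ISDIR(st.st_mode):
        return False
    if st.st_uid != expected_uid:
        return False
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        return False
    return True


def create_cookie(keyring_dir, context, cookie_id):
    """Append a fresh cookie line '<id> <timestamp> <hex>' to the context keyring."""
    cookie = secrets.token_hex(24)
    with open(os.path.join(keyring_dir, context), "a") as f:
        f.write(f"{cookie_id} 0 {cookie}\n")   # timestamp fixed to 0 in this model
    return cookie


def load_cookie(keyring_dir, context, cookie_id):
    with open(os.path.join(keyring_dir, context)) as f:
        for line in f:
            parts = line.split()
            if len(parts) == 3 and parts[0] == cookie_id:
                return parts[2]
    return None


def cookie_response(server_challenge, client_challenge, cookie):
    """SHA1 hex of 'server_challenge:client_challenge:cookie', as specified."""
    msg = f"{server_challenge}:{client_challenge}:{cookie}".encode()
    return hashlib.sha1(msg).hexdigest()


def server_send_challenge(context, cookie_id):
    return f"{context} {cookie_id} {secrets.token_hex(16)}"


def client_answer(server_data, keyring_dir, override_cookie=None):
    """Client side: look the cookie up in its own keyring (or, for the
    attacker case, use a cookie it already knows) and answer the challenge."""
    context, cookie_id, server_challenge = server_data.split()
    cookie = override_cookie or load_cookie(keyring_dir, context, cookie_id)
    client_challenge = secrets.token_hex(16)
    return f"{client_challenge} {cookie_response(server_challenge, client_challenge, cookie)}"


def server_verify(server_data, client_data, keyring_dir, expected_uid):
    """Server side: validate the directory first, then the digest."""
    if not keyring_dir_is_safe(keyring_dir, expected_uid):
        return False
    context, cookie_id, server_challenge = server_data.split()
    client_challenge, digest = client_data.split()
    cookie = load_cookie(keyring_dir, context, cookie_id)
    if cookie is None:
        return False
    expected = cookie_response(server_challenge, client_challenge, cookie)
    return secrets.compare_digest(digest, expected)


def demo():
    """Three constructed runs: honest client, client with a cookie that is
    not in the keyring, and a keyring reached through a symlink."""
    with tempfile.TemporaryDirectory() as tmp:
        real = os.path.join(tmp, KEYRING_DIRNAME)
        os.mkdir(real, 0o700)
        create_cookie(real, CONTEXT, "1")
        data = server_send_challenge(CONTEXT, "1")
        honest = server_verify(data, client_answer(data, real), real, os.getuid())
        foreign = server_verify(data, client_answer(data, real, secrets.token_hex(24)),
                                real, os.getuid())
        link = os.path.join(tmp, "victim-keyrings-symlink")   # constructed attacker symlink
        os.symlink(real, link)
        via_symlink = server_verify(data, client_answer(data, link), link, os.getuid())
    return {"honest": honest, "foreign_cookie": foreign, "via_symlink": via_symlink}


if __name__ == "__main__":
    print(demo())
```

The honest run succeeds, the foreign cookie fails on the digest, and the symlinked keyring is refused before any cookie is read, which is the point of doing the lstat-based check on the directory rather than trusting whatever path the client's home resolves to.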
A local attacker could use this issue to bypass authentication and