Mageia: 2019-0339 Moderate: dbus Cookie Spoofing Bypass Issue
mageia
November 30, 2019
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), a...
Summary
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as
used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less
common, uses of dbus-daemon), allows cookie spoofing because of symlink
mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the
libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication
mechanism.) A malicious client with write access to its own home directory
could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a
different uid to read and write in unintended locations. In the worst case,
this could result in the DBusServer reusing a cookie that is known to the
malicious client, and treating that cookie as evidence that a subsequent
client connection came from an attacker-chosen uid, allowing authentication
bypass (CVE-2019-12749).
References
- https://bugs.mageia.org/show_bug.cgi?id=24944
- https://www.openwall.com/lists/oss-security/2019/06/11/2
- https://www.cve.org/CVERecord?id=CVE-2019-12749
Topics Covered
Resolution
SRPMS
- 7/core/dbus-1.13.8-4.1.mga7
PREVIOUS
NEXT
Publication date: 30 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0339.html
Type: security
CVE: CVE-2019-12749
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!