Ubuntu 16.04 LTS / 18.04 LTS / 18.10 / 19.04 : gvfs vulnerabilities (USN-4053-1)
Medium Nessus Plugin ID 126598
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionIt was discovered that GVfs incorrectly handled the admin backend.
Files created or moved by the admin backend could end up with the wrong ownership information, contrary to expectations. This issue only affected Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04.
(CVE-2019-12447, CVE-2019-12448, CVE-2019-12449)
It was discovered that GVfs incorrectly handled authentication on its private D-Bus socket. A local attacker could possibly connect to this socket and issue D-Bus calls. (CVE-2019-12795).
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected gvfs and / or gvfs-backends packages.