CVE-2019-12749

Priority
Description
dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as
used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less
common, uses of dbus-daemon), allows cookie spoofing because of symlink
mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the
libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication
mechanism.) A malicious client with write access to its own home directory
could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a
different uid to read and write in unintended locations. In the worst case,
this could result in the DBusServer reusing a cookie that is known to the
malicious client, and treating that cookie as evidence that a subsequent
client connection came from an attacker-chosen uid, allowing authentication
bypass.
Assigned-to
mdeslaur
Notes
More Information

Updated: 2019-12-05 21:09:48 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)