{"id":"CVE-2019-12749","details":"dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.","modified":"2026-05-08T04:38:24.237610Z","published":"2019-06-11T17:29:00.517Z","related":["SUSE-SU-2019:14111-1","SUSE-SU-2019:1521-1","SUSE-SU-2019:1591-1","SUSE-SU-2019:1595-1","SUSE-SU-2019:1597-1","SUSE-SU-2019:2820-2","SUSE-SU-2020:1672-1","openSUSE-SU-2019:1604-1","openSUSE-SU-2019:1671-1","openSUSE-SU-2019:1750-1","openSUSE-SU-2024:10711-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"16.04"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"18.04"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"18.10"}]},{"cpe":"cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"19.04"}]}]},"references":[{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00059.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00092.html"},{"type":"WEB","url":"http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00026.html"},{"type":"WEB","url":"http://www.securityfocus.com/bid/108751"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00005.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V2CQF37O73VH2JDVX2ILX2KD2KLXLQOU/"},{"type":"WEB","url":"https://seclists.org/bugtraq/2019/Jun/16"},{"type":"WEB","url":"https://usn.ubuntu.com/4015-2/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2019/06/11/2"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:1726"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2868"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2870"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:3707"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201909-08"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20241206-0010/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4015-1/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4462"},{"type":"ADVISORY","url":"https://www.openwall.com/lists/oss-security/2019/06/11/2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/dbus/dbus","events":[{"introduced":"0"},{"fixed":"983e62be144c3615bd44feb9850dc4ccd797e3b8"},{"introduced":"98294ab81a4d7ef00b6de5149344d92278c38593"},{"fixed":"23cc709db8fab94f11fa48772bff396b20aea8b0"},{"introduced":"ee84f84a3fde6bc3d3c5e1c11adeab8f1af6db44"},{"fixed":"df9dabe5212a1d4b4b652f8fcd7c2e61af4275ba"}],"database_specific":{"cpe":"cpe:2.3:a:freedesktop:dbus:*:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"1.10.28"},{"introduced":"1.12.0"},{"fixed":"1.12.16"},{"introduced":"1.13.0"},{"fixed":"1.13.12"}]}}],"versions":["dbus-0.1","dbus-0.10","dbus-0.11","dbus-0.12","dbus-0.13","dbus-0.2","dbus-0.20","dbus-0.21","dbus-0.22","dbus-0.23","dbus-0.3","dbus-0.31.0","dbus-0.32.0","dbus-0.33.0","dbus-0.34.0","dbus-0.35","dbus-0.36","dbus-0.4","dbus-0.5","dbus-0.50","dbus-0.6","dbus-0.60","dbus-0.61","dbus-0.62","dbus-0.7","dbus-0.8","dbus-0.9","dbus-0.90","dbus-0.91","dbus-0.92","dbus-0.93","dbus-0.94","dbus-0.95","dbus-1.0.0","dbus-1.1.0","dbus-1.1.2","dbus-1.1.20","dbus-1.1.3","dbus-1.1.4","dbus-1.10.0","dbus-1.10.10","dbus-1.10.12","dbus-1.10.14","dbus-1.10.16","dbus-1.10.18","dbus-1.10.2","dbus-1.10.20","dbus-1.10.22","dbus-1.10.24","dbus-1.10.26","dbus-1.10.4","dbus-1.10.6","dbus-1.10.8","dbus-1.12.0","dbus-1.12.10","dbus-1.12.12","dbus-1.12.14","dbus-1.12.2","dbus-1.12.4","dbus-1.12.6","dbus-1.12.8","dbus-1.13.0","dbus-1.13.10","dbus-1.13.2","dbus-1.13.4","dbus-1.13.6","dbus-1.13.8","dbus-1.2.1","dbus-1.3.0","dbus-1.3.1","dbus-1.4.0","dbus-1.4.1","dbus-1.4.4","dbus-1.4.6","dbus-1.5.0","dbus-1.5.10","dbus-1.5.12","dbus-1.5.2","dbus-1.5.4","dbus-1.5.6","dbus-1.5.8","dbus-1.6.0","dbus-1.7.0","dbus-1.7.10","dbus-1.7.2","dbus-1.7.4","dbus-1.7.6","dbus-1.7.8","dbus-1.8.0","dbus-1.9.0","dbus-1.9.10","dbus-1.9.12","dbus-1.9.14","dbus-1.9.16","dbus-1.9.18","dbus-1.9.2","dbus-1.9.20","dbus-1.9.4","dbus-1.9.8","dbus-before-object-names-merge","dbus-object-names-branchpoint"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-12749.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}]}