Vulnerabilities
Misconfiguration
Compliance
CVE Vulnerabilities

CVE-2019-12749

Improper Link Resolution Before File Access ('Link Following')

Published: Jun 11, 2019 | Modified: Dec 06, 2024
CVSS 3.x
7.1
HIGH
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
3.6 LOW
AV:L/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
7 IMPORTANT
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu
MEDIUM
Vulnerability-free packages from our partners
root.io logo minimus.io logo echo.ai logo
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2019-12749
CWEhttps://cwe.mitre.org/data/definitions/59.html

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

NameVendorStart VersionEnd Version
DbusFreedesktop*1.10.28 (excluding)
DbusFreedesktop1.12.0 (including)1.12.16 (excluding)
DbusFreedesktop1.13.0 (including)1.13.12 (excluding)
Red Hat Enterprise Linux 6RedHatdbus-1:1.2.24-11.el6_10*
Red Hat Enterprise Linux 6.5 Advanced Update SupportRedHatdbus-1:1.2.24-9.el6_5*
Red Hat Enterprise Linux 6.6 Advanced Update SupportRedHatdbus-1:1.2.24-9.el6_6*
Red Hat Enterprise Linux 7RedHatdbus-1:1.10.24-15.el7*
Red Hat Enterprise Linux 8RedHatdbus-1:1.12.8-9.el8*
Red Hat Enterprise Linux 8RedHatdbus-1:1.12.8-9.el8*
Red Hat OpenShift DoRedHatopenshiftdo/odo-init-image-rhel7:1.1.3-2*
DbusUbuntubionic*
DbusUbuntucosmic*
DbusUbuntudevel*
DbusUbuntudisco*
DbusUbuntuesm-infra-legacy/trusty*
DbusUbuntuesm-infra/bionic*
DbusUbuntuesm-infra/xenial*
DbusUbuntutrusty/esm*
DbusUbuntuxenial*

Potential Mitigations

  • Follow the principle of least privilege when assigning access rights to entities in a software system.
  • Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2026 Aqua Security Software Ltd.   Privacy Policy | Terms of Use