CVE-2019-11460
Published: 22 April 2019
An issue was discovered in GNOME gnome-desktop 3.26, 3.28, and 3.30 prior to 3.30.2.2, and 3.32 prior to 3.32.1.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
Priority
Status
Package | Release | Status |
---|---|---|
gnome-desktop3 Launchpad, Ubuntu, Debian |
bionic |
Released
(3.28.2-0ubuntu1.3)
|
cosmic |
Released
(3.30.1-1ubuntu1.1)
|
|
disco |
Released
(3.32.1-1ubuntu1.1)
|
|
trusty |
Does not exist
(trusty was needs-triage)
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
Patches: upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/commit/02198486eb2d27928db86a685383ab4a0ff9b742 upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/commit/83949ed5800ec99953f5ee8d2bf8b90a69daa850 upstream: https://gitlab.gnome.org/GNOME/gnome-desktop/commit/a5475e97c30682c0867bd99b78e7fe600129871a |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.0 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Changed |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H |