CVE-2019-12749: Critical severity IBM Security Guardium vulnerability

Published Jun 11, 2019

A flaw was discovered in dbus where the implementation of DBUS_COOKIE_SHA1 is susceptible to a symbolic link attack. A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause the DBusServer to read and write in unintended locations. This could result in authentication bypass.

Other sources

D-Bus could allow a remote attacker to bypass security restrictions, caused by symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. By manipulating a ~/.dbus-keyrings symlink, an attacker could exploit this vulnerability to bypass DBUS_COOKIE_SHA1 authentication to allow a DBusServer with a different uid to read and write in arbitrary locations.

IBM

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

Launchpad
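As an added defender-side check (example code written for this page, not code from dbus, IBM, Canonical or any other source quoted above), the following Python audits a user's ~/.dbus-keyrings the way a hardened DBUS_COOKIE_SHA1 server should before trusting any cookie in it: it refuses a symlink, which is the pattern the descriptions above describe, and flags wrong ownership or group/other access. The directory name is the one named in the advisory; the three home directories it audits are constructed in a temporary directory and are not real users.

```python
import os
import stat
import tempfile
KEYRING_DIR = ".dbus-keyrings"  # per-user cookie store used by DBUS_COOKIE_SHA1

def audit_keyring_dir(home, expected_uid):
    """Return a list of findings for HOME/.dbus-keyrings; an empty list is clean."""
    path = os.path.join(home, KEYRING_DIR)
    findings = []
    try:
        st = os.lstat(path)  # lstat, not stat: the whole point is to see the link
    except FileNotFoundError:
        return findings      # no keyring created yet, nothing to trust or reject
    # CVE-2019-12749 pattern: the keyring path is a symlink, so cookie reads and
    # writes would land wherever the owner of the home directory pointed it.
    if stat.S_ISLNK(st.st_mode):
        findings.append("keyring path is a symlink (CVE-2019-12749 pattern)")
        return findings      # any further check would follow the link
    if not stat.S_ISDIR(st.st_mode):
        findings.append("keyring path is not a directory")
    # Long-standing libdbus requirements: owned by the user, no group/other access.
    if st.st_uid != expected_uid:
        findings.append("owner uid %d != expected uid %d" % (st.st_uid, expected_uid))
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("mode %o grants group/other access" % stat.S_IMODE(st.st_mode))
    return findings

def demo():
    """Audit three constructed (not real) home directories inside a temp dir."""
    uid = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        good = os.path.join(tmp, "alice", KEYRING_DIR)      # clean: real dir, 0700
        os.makedirs(good)
        os.chmod(good, 0o700)
        bad_home = os.path.join(tmp, "mallory")             # CVE pattern: symlink
        os.makedirs(bad_home)
        elsewhere = os.path.join(tmp, "elsewhere")          # where the link points
        os.makedirs(elsewhere)
        os.symlink(elsewhere, os.path.join(bad_home, KEYRING_DIR))
        loose = os.path.join(tmp, "bob", KEYRING_DIR)       # weak: world-accessible
        os.makedirs(loose)
        os.chmod(loose, 0o777)
        for name in ("alice", "mallory", "bob"):
            results[name] = audit_keyring_dir(os.path.join(tmp, name), uid)
    return results

if __name__ == "__main__":
    for user, findings in demo().items():
        print(user, findings or "OK")
```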

Affected Software

17 affected components (fixes available)

redhat/dbus < 1.10.28 (fixed in 1.10.28)
redhat/dbus < 1.12.16 (fixed in 1.12.16)
redhat/dbus < 1.13.12 (fixed in 1.13.12)
IBM Security Guardium <= 10.5
IBM Security Guardium <= 10.6
IBM Security Guardium <= 11.0
IBM Security Guardium <= 11.1
IBM Security Guardium <= 11.2
IBM Security Guardium <= 11.3
Freedesktop dbus < 1.10.28
Freedesktop dbus >= 1.12.0, < 1.12.16
Freedesktop dbus >= 1.13.0, < 1.13.12
Canonical Ubuntu Linux = 16.04
Canonical Ubuntu Linux = 18.04
Canonical Ubuntu Linux = 18.10
Canonical Ubuntu Linux = 19.04
debian/dbus (fixed in 1.12.28-0+deb11u1, 1.12.24-0+deb11u1, 1.14.10-1~deb12u1, 1.16.2-2, 1.16.2-4)

Event History

Jun 11, 2019
CVE published via MITRE, 04:11 PM
Data sourced via MITRE, 04:11 PM: description
Data sourced, 04:39 PM: severity, affected software
Data sourced via NVD, 05:29 PM: description, severity, weakness, affected software

Feb 13, 2026
Data sourced via Ubuntu, 08:04 PM: remedy, description, severity, affected software
Data sourced via Launchpad, 08:05 PM: description

Feb 26, 2026
Data sourced via Debian, 08:12 PM: description, affected software


Frequently Asked Questions

1. What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2019-12749.

2. What is the severity of CVE-2019-12749?

The severity of CVE-2019-12749 is critical with a severity value of 9.1.

3. What is the affected software for CVE-2019-12749?

The affected software for CVE-2019-12749 includes dbus versions 1.10.x, 1.12.x, and 1.13.x.

4. How can a remote attacker exploit this vulnerability?

A remote attacker can exploit this vulnerability through cookie spoofing caused by symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library.

5. Is there a fix available for CVE-2019-12749?

Yes, there are fixes available for CVE-2019-12749. Please refer to the vendor-specific advisories for the appropriate remediation steps.

© 2026 SecAlerts Pty Ltd.