
PEACH
Uma estrutura de isolamento de inquilino
CVE-2026-58015 is a path traversal vulnerability in GLib's D-Bus client-side implementation of the DBUS_COOKIE_SHA1 SASL authentication mechanism. The flaw allows a malicious D-Bus server to supply a crafted cookie_context parameter containing path traversal sequences, causing the client to read arbitrary files outside the intended ~/.dbus-keyrings/ directory and exfiltrate sensitive data. It affects GNOME GLib versions prior to 2.88.1, as well as Red Hat's glib2 and mingw-glib2 packages across multiple RHEL product lines. The vulnerability was reported on June 24, 2026, and publicly disclosed on June 30, 2026. It carries a CVSS v3.1 base score of 5.9 (Medium) (Github Advisory, Red Hat Bugzilla).
The root cause is improper input validation (path traversal, related to CWE-22) in glib/gio/gdbusauthmechanismsha1.c, specifically in the keyring_lookup_entry and mechanism_client_data_receive functions. The D-Bus specification explicitly prohibits characters such as /, \, . (period), spaces, and ASCII control characters in cookie context names, but GLib's client-side code accepts the cookie_context value verbatim from the server and uses it to construct a filesystem path via g_build_filename(). A malicious server can supply a value like ../../.target_file, causing the client to open an arbitrary file; the third space-separated token of the first matching line is then incorporated into a SHA1 hash computation and returned to the server as part of the authentication response, allowing the server to verify guessed file contents against the hash and exfiltrate data (Red Hat Bugzilla, Github Advisory).
Successful exploitation allows an unauthenticated attacker controlling a malicious D-Bus server to read arbitrary files accessible to the connecting client process, with a high confidentiality impact and no integrity or availability impact. Sensitive files such as credentials, private keys, or configuration data could be exfiltrated by iteratively guessing file contents and verifying them against the SHA1 hash returned during authentication. The attack scope is limited to the client system's file permissions, but any file readable by the user running the D-Bus client is potentially at risk (Red Hat Bugzilla, Github Advisory).
DBUS_COOKIE_SHA1 SASL authentication mechanism and is reachable by the target client (e.g., via a network socket or by compromising a local service endpoint).cookie_context value containing path traversal sequences (e.g., ../../etc/passwd or ../../home/user/.ssh/id_rsa) instead of a valid context name.g_build_filename() with the attacker-supplied cookie_context, opening the traversed file and extracting the third space-separated token from the first matching line.cookie_context values; repeated failed or unusual SASL DBUS_COOKIE_SHA1 authentication sequences./etc/passwd, SSH private keys, credential files) by processes that should not normally read them; unexpected reads of files outside ~/.dbus-keyrings/ by D-Bus client processes.strace or audit logs showing open()/read() syscalls on sensitive paths from D-Bus client processes (Red Hat Bugzilla).GNOME GLib version 2.88.1 addresses this vulnerability by validating the cookie_context parameter against the D-Bus specification's character restrictions. Red Hat has acknowledged affected glib2 and mingw-glib2 packages across multiple RHEL product lines; users should apply vendor-provided errata as they become available. As interim mitigations, restrict D-Bus server connections to trusted sources, implement network-level controls to prevent connections to untrusted D-Bus services, and monitor for suspicious D-Bus authentication patterns (Github Advisory, Red Hat Bugzilla).
Origem: Este relatório foi gerado usando IA
Avaliação de vulnerabilidade gratuita
Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.
Marque uma demonstração personalizada
"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."