PT-2017-13575 · Gnome+4 · Gnome Nautilus+4

Micah Lee

Publicado

2017-03-25

Atualizado

2020-08-18

CVE-2017-14604

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions GNOME Nautilus versions prior to 3.23.90

Description The issue allows attackers to spoof a file type by using the .desktop file extension. This can be demonstrated by an attack where a .desktop file's Name field ends in .pdf, but the Exec field launches a malicious "sh -c" command. The UI does not indicate that a file has the potentially unsafe .desktop extension; instead, it only shows the .pdf extension. An attack requires the .desktop file to have execute permission.

Recommendations For versions prior to 3.23.90, the solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field. As a temporary workaround, consider restricting the execution of .desktop files to minimize the risk of exploitation.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2017-1345

CESA-2018_0223

CVE-2017-14604

DSA-3994-1

OPENSUSE-SU-2018_2210-1

RHSA-2018:0223

RHSA-2018_0223

SUSE-SU-2018:1694-1

SUSE-SU-2018:2058-1

SUSE-SU-2018_1694-1

SUSE-SU-2018_2058-1

Produtos afetados

Alt Linux

Centos

Gnome Nautilus

Red Hat

Suse

PT-2017-13575 · Gnome+4 · Gnome Nautilus+4

CVE-2017-14604

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 24