PT-2002-1067 · Gnome · Nautilus

Published

2002-05-16

Updated

2008-09-05

CVE-2002-0157

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Nautilus versions 1.0.4 and earlier

Description The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited remotely, leading to potential security breaches. The vulnerability allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.

Recommendations For Nautilus versions 1.0.4 and earlier, consider restricting access to the .nautilus-metafile.xml metadata file to prevent symlink attacks until a patch is available. As a temporary workaround, consider disabling the functionality that allows local users to interact with the .nautilus-metafile.xml file. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-08167

BDU:2015-08168

BDU:2015-08169

CVE-2002-0157

Affected Products

Nautilus

PT-2002-1067 · Gnome · Nautilus

CVE-2002-0157

Related Identifiers

Affected Products

References · 9