PT-2017-13575 · Gnome+4 · Gnome Nautilus+4

Micah Lee

Published

2017-03-25

Updated

2020-08-18

CVE-2017-14604

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions GNOME Nautilus versions prior to 3.23.90

Description The issue allows attackers to spoof a file type by using the .desktop file extension. This can be demonstrated by an attack where a .desktop file's Name field ends in .pdf, but the Exec field launches a malicious "sh -c" command. The UI does not indicate that a file has the potentially unsafe .desktop extension; instead, it only shows the .pdf extension. An attack requires the .desktop file to have execute permission.

Recommendations For versions prior to 3.23.90, the solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field. As a temporary workaround, consider restricting the execution of .desktop files to minimize the risk of exploitation.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2017-1345

CESA-2018_0223

CVE-2017-14604

DSA-3994-1

OPENSUSE-SU-2018_2210-1

RHSA-2018:0223

RHSA-2018_0223

SUSE-SU-2018:1694-1

SUSE-SU-2018:2058-1

SUSE-SU-2018_1694-1

SUSE-SU-2018_2058-1

Affected Products

Alt Linux

Centos

Gnome Nautilus

Red Hat

Suse

PT-2017-13575 · Gnome+4 · Gnome Nautilus+4

CVE-2017-14604

Weakness Enumeration

Related Identifiers

Affected Products

References · 24