PT-2018-14440 · Xfce+3 · Xfce+4

0Xd0Ff9 · Published 2018-04-06 · Updated 2018-12-21 · CVE-2018-18398

CVSS v3.1: 4.7 Medium
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Xfce Thunar version 1.6.15

Description

Xfce Thunar 1.6.15, when used with Xfce 4.12, mishandles the IBus-Unikey input method for file searches within the File Manager. This leads to an out-of-bounds read and results in a segmentation fault (SEGV). An arbitrary local user could potentially exploit this by creating files in the /tmp directory before the victim uses the IBus-Unikey input method.

Recommendations

For Xfce Thunar version 1.6.15, consider disabling the IBus-Unikey input method for file searches within the File Manager as a temporary workaround until a patch is available. Restrict access to the /tmp directory to minimize the risk of exploitation.

Exploit

Fix

Out of bounds Read

Weakness Enumeration

Related Identifiers

ALT-PU-2018-1558
CVE-2018-18398

Affected Products

Alt Linux
Debian
Ibus-Unikey
Xfce
Xfce Thunar