cnvd - cnvd-2017-34595

cnvd-2017-34595

Vulnerability from cnvd

Title: GNOME Nautilus文件类型欺骗漏洞

Description:

GNOME Nautilus是一款用于GNOME桌面环境中的文件管理器。

GNOME Nautilus 3.23.90之前的版本中存在安全漏洞。攻击者可通过使用.desktop文件扩展名利用该漏洞伪造文件类型。

Severity: 中

Patch Name: GNOME Nautilus文件类型欺骗漏洞的补丁

Patch Description:

GNOME Nautilus是一款用于GNOME桌面环境中的文件管理器。

GNOME Nautilus 3.23.90之前的版本中存在安全漏洞。攻击者可通过使用.desktop文件扩展名利用该漏洞伪造文件类型。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布漏洞修复程序，请及时关注更新： https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b

Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14604

Impacted products

Name
GNOME Nautilus <3.23.90

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101012"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14604"
    }
  },
  "description": "GNOME Nautilus\u662f\u4e00\u6b3e\u7528\u4e8eGNOME\u684c\u9762\u73af\u5883\u4e2d\u7684\u6587\u4ef6\u7ba1\u7406\u5668\u3002\r\n\r\nGNOME Nautilus 3.23.90\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528.desktop\u6587\u4ef6\u6269\u5c55\u540d\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u6587\u4ef6\u7c7b\u578b\u3002",
  "discovererName": "Christian Boxdorfer",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34595",
  "openTime": "2017-11-20",
  "patchDescription": "GNOME Nautilus\u662f\u4e00\u6b3e\u7528\u4e8eGNOME\u684c\u9762\u73af\u5883\u4e2d\u7684\u6587\u4ef6\u7ba1\u7406\u5668\u3002\r\n\r\nGNOME Nautilus 3.23.90\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528.desktop\u6587\u4ef6\u6269\u5c55\u540d\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u6587\u4ef6\u7c7b\u578b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GNOME Nautilus\u6587\u4ef6\u7c7b\u578b\u6b3a\u9a97\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "GNOME Nautilus \u003c3.23.90"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-14604",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-20",
  "title": "GNOME Nautilus\u6587\u4ef6\u7c7b\u578b\u6b3a\u9a97\u6f0f\u6d1e"
}

CVE-2017-14604 (GCVE-0-2017-14604)

Vulnerability from cvelistv5

Published

2017-09-20 08:00

Modified

2024-08-05 19:34

Severity ?

CWE

Summary

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.

References

▼	URL	Tags
	https://github.com/freedomofpress/securedrop/issues/2238	x_refsource_MISC
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268	x_refsource_MISC
	https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0	x_refsource_MISC
	https://bugzilla.gnome.org/show_bug.cgi?id=777991	x_refsource_MISC
	http://www.securityfocus.com/bid/101012	vdb-entry, x_refsource_BID
	http://www.debian.org/security/2017/dsa-3994	vendor-advisory, x_refsource_DEBIAN
	https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b	x_refsource_MISC
	https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:0223	vendor-advisory, x_refsource_REDHAT

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:34:39.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/freedomofpress/securedrop/issues/2238"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777991"
          },
          {
            "name": "101012",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101012"
          },
          {
            "name": "DSA-3994",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3994"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/"
          },
          {
            "name": "RHSA-2018:0223",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0223"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file\u0027s Name field ends in .pdf but this file\u0027s Exec field launches a malicious \"sh -c\" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user\u0027s answer in the metadata::trusted field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-26T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/freedomofpress/securedrop/issues/2238"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777991"
        },
        {
          "name": "101012",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101012"
        },
        {
          "name": "DSA-3994",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3994"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/"
        },
        {
          "name": "RHSA-2018:0223",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0223"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file\u0027s Name field ends in .pdf but this file\u0027s Exec field launches a malicious \"sh -c\" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user\u0027s answer in the metadata::trusted field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/freedomofpress/securedrop/issues/2238",
              "refsource": "MISC",
              "url": "https://github.com/freedomofpress/securedrop/issues/2238"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268"
            },
            {
              "name": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0",
              "refsource": "MISC",
              "url": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0"
            },
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777991",
              "refsource": "MISC",
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777991"
            },
            {
              "name": "101012",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101012"
            },
            {
              "name": "DSA-3994",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3994"
            },
            {
              "name": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b",
              "refsource": "MISC",
              "url": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b"
            },
            {
              "name": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/",
              "refsource": "MISC",
              "url": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/"
            },
            {
              "name": "RHSA-2018:0223",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0223"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14604",
    "datePublished": "2017-09-20T08:00:00",
    "dateReserved": "2017-09-20T00:00:00",
    "dateUpdated": "2024-08-05T19:34:39.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted