cnvd - cnvd-2017-34595

CNVD-2017-34595

Vulnerability from cnvd - Published: 2017-11-20

Title

GNOME Nautilus文件类型欺骗漏洞

Description

GNOME Nautilus是一款用于GNOME桌面环境中的文件管理器。 GNOME Nautilus 3.23.90之前的版本中存在安全漏洞。攻击者可通过使用.desktop文件扩展名利用该漏洞伪造文件类型。

Severity

中

Patch Name

GNOME Nautilus文件类型欺骗漏洞的补丁

Patch Description

GNOME Nautilus是一款用于GNOME桌面环境中的文件管理器。 GNOME Nautilus 3.23.90之前的版本中存在安全漏洞。攻击者可通过使用.desktop文件扩展名利用该漏洞伪造文件类型。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布漏洞修复程序，请及时关注更新： https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b

Reference

https://nvd.nist.gov/vuln/detail/CVE-2017-14604

Impacted products

Name
GNOME Nautilus <3.23.90

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "101012"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-14604"
    }
  },
  "description": "GNOME Nautilus\u662f\u4e00\u6b3e\u7528\u4e8eGNOME\u684c\u9762\u73af\u5883\u4e2d\u7684\u6587\u4ef6\u7ba1\u7406\u5668\u3002\r\n\r\nGNOME Nautilus 3.23.90\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528.desktop\u6587\u4ef6\u6269\u5c55\u540d\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u6587\u4ef6\u7c7b\u578b\u3002",
  "discovererName": "Christian Boxdorfer",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-34595",
  "openTime": "2017-11-20",
  "patchDescription": "GNOME Nautilus\u662f\u4e00\u6b3e\u7528\u4e8eGNOME\u684c\u9762\u73af\u5883\u4e2d\u7684\u6587\u4ef6\u7ba1\u7406\u5668\u3002\r\n\r\nGNOME Nautilus 3.23.90\u4e4b\u524d\u7684\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u4f7f\u7528.desktop\u6587\u4ef6\u6269\u5c55\u540d\u5229\u7528\u8be5\u6f0f\u6d1e\u4f2a\u9020\u6587\u4ef6\u7c7b\u578b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "GNOME Nautilus\u6587\u4ef6\u7c7b\u578b\u6b3a\u9a97\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "GNOME Nautilus \u003c3.23.90"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2017-14604",
  "serverity": "\u4e2d",
  "submitTime": "2017-09-20",
  "title": "GNOME Nautilus\u6587\u4ef6\u7c7b\u578b\u6b3a\u9a97\u6f0f\u6d1e"
}

CVE-2017-14604 (GCVE-0-2017-14604)

Vulnerability from cvelistv5 – Published: 2017-09-20 08:00 – Updated: 2024-08-05 19:34

Summary

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://github.com/freedomofpress/securedrop/issu…	x_refsource_MISC
	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug…	x_refsource_MISC
	https://github.com/GNOME/nautilus/commit/1630f534…	x_refsource_MISC
	https://bugzilla.gnome.org/show_bug.cgi?id=777991	x_refsource_MISC
	http://www.securityfocus.com/bid/101012	vdb-entryx_refsource_BID
	http://www.debian.org/security/2017/dsa-3994	vendor-advisoryx_refsource_DEBIAN
	https://github.com/GNOME/nautilus/commit/bc919205…	x_refsource_MISC
	https://micahflee.com/2017/04/breaking-the-securi…	x_refsource_MISC
	https://access.redhat.com/errata/RHSA-2018:0223	vendor-advisoryx_refsource_REDHAT

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:34:39.448Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/freedomofpress/securedrop/issues/2238"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777991"
          },
          {
            "name": "101012",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101012"
          },
          {
            "name": "DSA-3994",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2017/dsa-3994"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/"
          },
          {
            "name": "RHSA-2018:0223",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0223"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-09-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file\u0027s Name field ends in .pdf but this file\u0027s Exec field launches a malicious \"sh -c\" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user\u0027s answer in the metadata::trusted field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-01-26T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/freedomofpress/securedrop/issues/2238"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777991"
        },
        {
          "name": "101012",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101012"
        },
        {
          "name": "DSA-3994",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2017/dsa-3994"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/"
        },
        {
          "name": "RHSA-2018:0223",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0223"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14604",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file\u0027s Name field ends in .pdf but this file\u0027s Exec field launches a malicious \"sh -c\" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user\u0027s answer in the metadata::trusted field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/freedomofpress/securedrop/issues/2238",
              "refsource": "MISC",
              "url": "https://github.com/freedomofpress/securedrop/issues/2238"
            },
            {
              "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268",
              "refsource": "MISC",
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268"
            },
            {
              "name": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0",
              "refsource": "MISC",
              "url": "https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0"
            },
            {
              "name": "https://bugzilla.gnome.org/show_bug.cgi?id=777991",
              "refsource": "MISC",
              "url": "https://bugzilla.gnome.org/show_bug.cgi?id=777991"
            },
            {
              "name": "101012",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101012"
            },
            {
              "name": "DSA-3994",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2017/dsa-3994"
            },
            {
              "name": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b",
              "refsource": "MISC",
              "url": "https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b"
            },
            {
              "name": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/",
              "refsource": "MISC",
              "url": "https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/"
            },
            {
              "name": "RHSA-2018:0223",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0223"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14604",
    "datePublished": "2017-09-20T08:00:00",
    "dateReserved": "2017-09-20T00:00:00",
    "dateUpdated": "2024-08-05T19:34:39.448Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2017-34595

CVE-2017-14604 (GCVE-0-2017-14604)

Tags

Sightings

Nomenclature