bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/dos/38857.md
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

76 lines
No EOL
2.2 KiB
Markdown
Raw Permalink Blame History

* Exploit Title: Gnome Nautilus [Denial of Service]
* Discovery Date: 2015/10/27
* Public Disclosure Date: 2015/12/01
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: https://www.gnome.org/
* Software Link: https://wiki.gnome.org/Apps/Nautilus
* Version: 3.16
* Tested on: Ubuntu 14.04, Fedora 22
Description
========================================================================
========
Gnome Nautilus <= v3.16 is vulnerable to DoS attack through a
malicious crafted file.
Details
- ------------------------------------------------------------------------
- --------
A malicious crafted file can be used to perform a DoS attack in
Nautilus. The attacker must have local
access to affected system or convince the victim to download the file
(email, web url etc.). Next time
the victim tries to open the directory that contains the malicious
file, Nautilus crashes without warning.
The file must have a `.jp2` extension and start with the JPEG
signature (`0xFFD8`).
Additional Notes
- ------------------------------------------------------------------------
- --------
This seems to happen every time Nautilus is trying to update the
thumbnail of the file.
In Ubuntu and Fedora process dies with the message:
```
Premature end of JPEG file
JPEG datastream contains no image
```
This vulnerability seems to affect all Nautilus versions prior to 3.16.
PoC
========================================================================
========
1. Create a file without a `.jp2` extension in an affected system
2. Open the file in a hex editor so it start with the JPEG signature
(`0xFFD8`)
3. Rename the file so it has the `.jp2` extension
4. Open directory with Nautilus
5. Nautilus dies without warning
Timeline
========================================================================
========
2015/10/27 - Discovered
2015/10/29 - Vendor notified at security@gnome.org
Solution
========================================================================
========
No official solution yet exists.
Work-around
- ------------------------------------------------------------------------
- --------
Disabling generation of thumbnails for all files, through Nautilus
options, will prevent Nautilus from crashing.
Reference in a new issue View git blame Copy permalink