CyberSec.Space Logo
Back to CVE Browser

CVE-2017-14604

MEDIUM
6.5
CVSS Severity Score
EPSS Score0.1520%
EPSS Percentile31.50th
PublishedSep 20, 2017
Last ModifiedMay 13, 2026

Vulnerability Description

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.

Affected Platforms (CPE)

πŸ“¦
Gnome

Nautilus

< 3.23.90
πŸ’»
Debian

Debian Linux

= 8.0
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Debian

Debian Linux

= 10.0

References & Advisories

πŸ”— http://www.debian.org/security/2017/dsa-3994
πŸ”— http://www.securityfocus.com/bid/101012
πŸ”— https://access.redhat.com/errata/RHSA-2018:0223
πŸ”— https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268
πŸ”— https://bugzilla.gnome.org/show_bug.cgi?id=777991
πŸ”— https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0
πŸ”— https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b
πŸ”— https://github.com/freedomofpress/securedrop/issues/2238

Related Vulnerabilities

CVE-2020-256608.8

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph ...

CVE-2019-114617.8

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the ...

CVE-2017-124477.8

GdkPixBuf (aka gdk-pixbuf), possibly 2.32.2, as used by GNOME Nautilus 3.14.3 on Ubuntu 16.04, allows attackers to cause a denial ...

CVE-2009-32897.8

The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allo...