Rapid7 Vulnerability & Exploit Database

RHSA-2002:064: Updated Nautilus for symlink vulnerability writing metadata files

Severity: 5
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:P)
Published: 05/16/2002
Created: 07/25/2018
Added: 10/28/2005
Modified: 07/04/2017

Description

The Nautilus file manager in Red Hat Linux 7.2 has a symlink vulnerability.

The Nautilus file manager (used by default in the GNOME desktop environment) writes metadata files containing information about files and directories that have been visited in the file manager. The metadata file code in Red Hat Linux 7.2 can be tricked into following a symlink and overwriting the symlink target.

The errata packages repair this problem in two ways. First, they create metadata files using mkstemp() and then rename them into place, instead of creating the files in place with a fixed filename. This patch in the errata packages was backported from the latest upstream version of Nautilus on cvs.gnome.org. Second, Nautilus used to have a preference to store metadata only in the user's home directory, rather than in each directory being browsed. The errata packages remove the preference and hardcode its value to always use the home directory. This disables the shared-metadata functionality, so if two users browse the same directory they may see different icons, emblems, and so forth.

Nautilus has only been shipped in Red Hat Linux 7.2; earlier versions do not contain Nautilus and thus are not vulnerable.

This problem should only be exploitable locally (filesystem access is needed to create a malicious symlink). If Nautilus is not run as root, the impact should be limited to overwriting files that unprivileged users have access to. If Nautilus is run as root, a malicious symlink could overwrite system-critical files such as /etc/passwd with Nautilus metadata.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2002-0157 to this issue. The BUGTRAQ ID for this issue is 4373.
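The first fix described above, creating the file with mkstemp() and renaming it into place rather than opening a fixed filename, is shown here beside the in-place pattern it replaces. This is an added example, not the Nautilus patch or code from the advisory; the function names, the /tmp demo directory and the metadata.xml filename are assumptions, and the victim file is constructed for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Pre-fix pattern: open a fixed name in place. open() follows a symlink
 * planted at `path`, so the symlink target is truncated and overwritten. */
int write_in_place(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Fixed pattern: mkstemp() creates a fresh name with O_EXCL in the same
 * directory; rename() replaces the entry at `path`, not a symlink's target. */
int write_via_mkstemp(const char *path, const char *data) {
    char tmp[4096];
    size_t len = strlen(data);
    if (snprintf(tmp, sizeof tmp, "%s.XXXXXX", path) >= (int)sizeof tmp) return -1;
    int fd = mkstemp(tmp);
    if (fd < 0) return -1;
    int ok = write(fd, data, len) == (ssize_t)len && fsync(fd) == 0;
    if (close(fd) != 0 || !ok || rename(tmp, path) != 0) { unlink(tmp); return -1; }
    return 0;
}

/* Constructed demo: plant a victim file and a symlink to it, run one writer.
 * Returns 1 if the victim is intact, 0 if overwritten, -1 on error. */
int victim_survives(int (*writer)(const char *, const char *)) {
    char dir[] = "/tmp/symlink-demo.XXXXXX", victim[128], meta[128], buf[32] = {0};
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(meta, sizeof meta, "%s/metadata.xml", dir);  /* assumed filename */
    if (write_in_place(victim, "important") != 0 || symlink(victim, meta) != 0) return -1;
    int rc = writer(meta, "<metadata/>");
    int fd = open(victim, O_RDONLY);
    ssize_t n = fd < 0 ? -1 : read(fd, buf, sizeof buf - 1);
    if (fd >= 0) close(fd);
    unlink(meta); unlink(victim); rmdir(dir);
    return (rc != 0 || n < 0) ? -1 : strcmp(buf, "important") == 0;
}

int main(void) {
    printf("%d %d\n", victim_survives(write_in_place), victim_survives(write_via_mkstemp));
    return 0;
}
```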

Solution(s)

  • redhat-upgrade-nautilus
  • redhat-upgrade-nautilus-devel
  • redhat-upgrade-nautilus-mozilla
