Vulnerability Details : CVE-2017-14604

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.
Publish Date : 2017-09-20 Last Update Date : 2018-01-26

Collapse All Expand All Select Select&Copy	Scroll To Vendor Statements(0) Additional Vendor Data(0) OVAL Definitions(0) Vulnerable Products(0) # Of Vulns By Products References(0) Metasploit Modules(0)	Comments View User Comments Add Comment	External Links Secunia Advisories XForce Advisories Vulnerability Details at NVD Vulnerability Details at Mitre Nessus Plugins Linux Kernel Git Repository First CVSS Guide
Search Twitter Search YouTube Search Google

- CVSS Scores & Vulnerability Types

CVSS Score	4.0
Confidentiality Impact	None (There is no impact to the confidentiality of the system.)
Integrity Impact	Partial (Modification of some system files or information is possible, but the attacker does not have control over what can be modified, or the scope of what the attacker can affect is limited.)
Availability Impact	None (There is no impact to the availability of the system.)
Access Complexity	Low (Specialized access conditions or extenuating circumstances do not exist. Very little knowledge or skill is required to exploit. )
Authentication	Single system (The vulnerability requires an attacker to be logged into the system (such as at a command line or via a desktop session or web interface).)
Gained Access	None
Vulnerability Type(s)	Execute Code
CWE ID	20

- Related OVAL Definitions

Title	Definition Id	Class	Family
RHSA-2018:0223: nautilus security update (Moderate)	oval:com.redhat.rhsa:def:20180223		unix

OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.

- Products Affected By CVE-2017-14604

#	Product Type	Vendor	Product	Version	Update	Edition	Language
1	Application	Gnome	Nautilus	3.22.3				Version Details Vulnerabilities

- Number Of Affected Versions By Product

Vendor	Product	Vulnerable Versions
Gnome	Nautilus	1

- References For CVE-2017-14604

https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/

https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0

https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69b

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268

https://github.com/freedomofpress/securedrop/issues/2238

https://bugzilla.gnome.org/show_bug.cgi?id=777991

http://www.securityfocus.com/bid/101012
BID 101012 GNOME Nautilus CVE-2017-14604 Arbitrary Command Execution Vulnerability Release Date:2017-10-09

https://access.redhat.com/errata/RHSA-2018:0223
REDHAT RHSA-2018:0223

http://www.debian.org/security/2017/dsa-3994
DEBIAN DSA-3994

- Metasploit Modules Related To CVE-2017-14604

There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information)