Bug#878012: nautilus: path traversal via directory symlink
Jakub Wilk
jwilk at jwilk.net
Sun Oct 8 10:34:53 UTC 2017
Package: nautilus
Version: 3.26.0-1
Tags: security
$ tar -tvvf traversal.tar.gz
lrwxrwxrwx root/root 0 2017-09-30 17:36 tmp -> /tmp
-rw-r--r-- root/root 4 2017-09-30 17:36 tmp/moo
Unpacking this archive in Nautilus creates the /tmp/moo file.
-- System Information:
Architecture: i386
Versions of packages nautilus depends on:
ii libatk1.0-0 2.26.0-2
ii libc6 2.24-17
ii libcairo-gobject2 1.14.10-1
ii libcairo2 1.14.10-1
ii libexempi3 2.4.3-1
ii libexif12 0.6.21-2+b2
ii libgail-3-0 3.22.24-1
ii libgdk-pixbuf2.0-0 2.36.11-1
ii libglib2.0-0 2.54.1-1
ii libgnome-autoar-0-0 0.2.2-1
ii libgnome-desktop-3-12 3.26.1-1
ii libgtk-3-0 3.22.24-1
ii libnautilus-extension1a 3.26.0-1
ii libpango-1.0-0 1.40.12-1
ii libpangocairo-1.0-0 1.40.12-1
ii libselinux1 2.7-2
ii libtracker-sparql-2.0-0 2.0.1-1
ii libx11-6 2:1.6.4-3
ii nautilus-data 3.26.0-1
ii shared-mime-info 1.9-1
ii desktop-file-utils 0.23-2
ii gvfs 1.34.1-1
ii libglib2.0-data 2.54.1-1
ii gsettings-desktop-schemas 3.24.1-1
Versions of packages nautilus recommends:
ii librsvg2-common 2.40.18-1
un gvfs-backends <none>
un gnome-sushi <none>
--
Jakub Wilk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: traversal.tar.gz
Type: application/gzip
Size: 137 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-gnome-maintainers/attachments/20171008/154d0276/attachment.bin>
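
Added example, not part of the original report and not code from Nautilus or gnome-autoar: a pre-extraction check that flags archive members whose path passes through a symlink declared earlier in the same archive, which is the pattern in the listing above. The function names are hypothetical, and the sample archive is constructed to mirror the two listed members (it is not the attached traversal.tar.gz).

```python
import io
import posixpath
import tarfile


def build_sample_archive():
    """Constructed sample with the same two members as the listing in the report."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        link = tarfile.TarInfo("tmp")
        link.type = tarfile.SYMTYPE
        link.linkname = "/tmp"
        tar.addfile(link)
        data = b"moo\n"
        member = tarfile.TarInfo("tmp/moo")
        member.size = len(data)
        tar.addfile(member, io.BytesIO(data))
    return buf.getvalue()


def find_symlink_traversal(archive_bytes):
    """Return (member, symlink, target) for entries written through an archived symlink."""
    links = {}      # normalized path of each symlink member -> its target
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tar:
        for info in tar:
            name = posixpath.normpath(info.name)
            parts = name.split("/")
            # Check every proper parent directory of this member.
            for i in range(1, len(parts)):
                parent = "/".join(parts[:i])
                if parent in links:
                    findings.append((info.name, parent, links[parent]))
                    break
            # Record symlinks only after the check, so order in the archive matters.
            if info.issym():
                links[name] = info.linkname
    return findings


def is_safe_to_extract(archive_bytes):
    """True when no member would be written through a symlink from the archive."""
    return not find_symlink_traversal(archive_bytes)
```

The check only inspects member headers and never extracts anything, so it can run before the archive is handed to an extractor.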