Shell Command Injection when changing emblem with nemo
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Linux Mint | Fix Committed | Undecided | Unassigned |
Bug Description
Security problem in Linux Mint with the Cinnamon desktop and the nemo file manager, version 2.6.7
Line 132 in the Python script "nemo-emblems.py" is vulnerable to code injection:
os.system("touch \"%s\"" % self.filename) # touch the file (to force Nemo to re-render its icon)
Exploit Demo :
-------
1) start the nemo file manager
2) rename a folder with nemo to this folder name
";killall nemo;#
3) Now change the EMBLEM icon of the folder with nemo
(right-click on the folder, choose an icon on the emblem tab)
4) nemo will be killed, as a proof of concept.
This is only a simple Demo to do no harm to the user.
Each and every other command could be injected, which could do almost everything!
It's nearly the same issue as with the folder colors, which I already reported on github
https:/
So, do not use os.system() in any python script anymore, use subprocess please
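As an added example (not part of the bug report or of the nemo-extensions code), the following shows why the os.system() line is injectable and what the subprocess-based replacement looks like. The constructed filename `";echo injected;#` has the same shape as the folder name in the report, but names a harmless command and is never handed to a shell here; the function names are this example's own.

```python
import os
import shlex
import subprocess
import tempfile
from pathlib import Path

# Constructed for this example: a filename containing shell metacharacters.
# It is only ever used as a literal path, never as shell input.
HOSTILE_NAME = '";echo injected;#'


def shell_string_as_original(filename):
    """Rebuild the string that nemo-emblems.py passed to os.system(), without
    running it. os.system() hands the string to /bin/sh -c, so the quote inside
    the filename closes the argument and the text after ';' becomes a second
    command."""
    return 'touch "%s"' % filename


def shell_string_quoted(filename):
    """If a shell string is unavoidable, shlex.quote() makes the filename a
    single literal word; the quote, ';' and '#' lose their meaning."""
    return "touch " + shlex.quote(filename)


def touch_with_subprocess(path):
    """Hardened form: an argv list with shell=False (the default). The filename
    is one argv element and reaches touch(1) verbatim. '--' ends option parsing
    so a name beginning with '-' is not read as a flag."""
    subprocess.run(["touch", "--", str(path)], check=True)


def touch_in_python(path):
    """Better still: update the timestamp without spawning any process."""
    Path(path).touch()


def demo():
    """Create the hostile-looking name both ways inside a temporary directory
    and report what actually happened on disk."""
    with tempfile.TemporaryDirectory() as d:
        target = Path(d) / HOSTILE_NAME

        touch_with_subprocess(target)
        created_by_subprocess = target.name in os.listdir(d)
        target.unlink()

        touch_in_python(target)
        created_by_python = target.name in os.listdir(d)

        return {
            "original_command": shell_string_as_original(HOSTILE_NAME),
            "quoted_command": shell_string_quoted(HOSTILE_NAME),
            "created_by_subprocess": created_by_subprocess,
            "created_by_python": created_by_python,
            # exactly one entry, with the metacharacters kept as plain bytes
            "only_one_entry": os.listdir(d) == [HOSTILE_NAME],
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The original_command value shows the filename breaking out of the double quotes; the two touch functions instead create a single directory entry whose name still contains the quote, the semicolons and the hash, because no shell ever parsed it.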
information type: Private Security → Public Security
https://github.com/linuxmint/nemo-extensions/commit/109401c63ea897c58330115042ebc20412df8014