caja folder-color.py -> Shell Injection with icon theme
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
Folder Color | Fix Released | Undecided | costales | |
Bug Description
OS: UbuntuMATE 15.10
File : /usr/share/
Version : Folder Color 0.0.78
By changing the folder color, shell code can be injected by an icon theme.
The python script uses os.system.
Line : 783
# MATE
Exploit Example :
1) Copy some icon theme into the user .icons folder and rename it to this name :
/home/<
2) Edit this file : index.theme
[Icon Theme]
Name=The `xeyes` icon theme
3) Use the icon theme
4) Run caja and then right-click on a folder and change its color to the GLOBAL color blue.
5) The program xeyes starts several times as a proof of concept
-------
The Mint team seems to have a bugfixed version :
https:/
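
The injection path this report describes, shown as an added example that is not Folder Color's own code: a theme `Name=` value reaches a shell command line, next to two hardened forms. The `printf` command is a stand-in (assumption) for the command the script builds at line 783, which this page does not show, and `echo INJECTED` replaces `xeyes` as a harmless marker in a constructed `index.theme`.

```python
import configparser
import shlex
import subprocess

# Constructed index.theme, modelled on step 2 of the report.
# `echo INJECTED` is a harmless marker standing in for `xeyes`.
INDEX_THEME = "[Icon Theme]\nName=The `echo INJECTED` icon theme\n"


def theme_name(index_theme_text):
    """Read the Name= key from index.theme content."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(index_theme_text)
    return parser["Icon Theme"]["Name"]


def run_unsafe(name):
    """Vulnerable pattern: the name is concatenated into a shell string.
    shell=True hands the string to /bin/sh, as os.system does, so the
    backticks are expanded as a command substitution."""
    cmd = 'printf %s "' + name + '"'  # printf is a stand-in command
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv(name):
    """Hardened: no shell; the name is a single argv element."""
    return subprocess.run(
        ["printf", "%s", name], capture_output=True, text=True
    ).stdout


def run_quoted(name):
    """Hardened when a shell cannot be avoided: quote the untrusted value."""
    cmd = "printf %s " + shlex.quote(name)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    name = theme_name(INDEX_THEME)
    print("unsafe:", run_unsafe(name))  # substitution was executed
    print("argv:  ", run_argv(name))    # name passed through literally
    print("quoted:", run_quoted(name))  # name passed through literally
```
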
Changed in folder-color:
status: New → In Progress
assignee: nobody → costales (costales)
no longer affects: ubuntu-mate
Demo Video (German): https://youtu.be/3IP8dh7NCpw