Possible security exploit using special characters to manipulate displayed filename.
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Nautilus | Confirmed | Medium | | |
| nautilus (Ubuntu) | Triaged | High | Unassigned | |
Bug Description
Special characters can be used to manipulate a filename extension in Nautilus. We received a piece of malware with a filename that appears differently in Nautilus than on the command line using ls.
With Nautilus we see: NO.00123Order# POrcs.pdf
With ls in bash we see: NO.00123Order# POfdp.scr
Using od, the special characters are revealed as:

```
ronp@ron:
0000000 N O . 0 0 1 2 3 O r d e r # P
0000020 O 342 200 256 f d p . s c r \n
0000034
```
Before extraction from the archive, the file appears with question marks as follows:
NO.00123Order# PO???fdp.scr
Perhaps this would be a more secure way to display the file in Nautilus, revealing the true nature of the file: scr instead of pdf.
This occurred with Nautilus 3.4.2 on Ubuntu 12.10 and Nautilus 3.6.3 on Ubuntu 13.04.
We note this type of exploit has been used before:
https:/
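The bytes in the od dump above (octal 342 200 256 = 0xE2 0x80 0xAE = U+202E RIGHT-TO-LEFT OVERRIDE) are enough to reproduce the effect. The following is an added example, not code from the reporter or from Nautilus: it flags Unicode bidi control characters in a filename, reports the extension the OS will actually act on, and approximates the misleading rendering for the single-override case shown in this report. The sample filename is constructed from the dump; the simplified rendering is an assumption, not the full Unicode bidi algorithm.

```python
import os
import unicodedata

# Unicode bidirectional controls that can reorder displayed text.
# U+202E (RLO) is the one in this report; the rest have the same potential.
BIDI_CONTROLS = {
    0x061C, 0x200E, 0x200F,                  # ALM, LRM, RLM
    0x202A, 0x202B, 0x202C, 0x202D, 0x202E,  # LRE, RLE, PDF, LRO, RLO
    0x2066, 0x2067, 0x2068, 0x2069,          # LRI, RLI, FSI, PDI
}

def find_bidi_controls(name):
    """Return (index, 'U+XXXX', unicode name) for each bidi control found."""
    return [(i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
            for i, ch in enumerate(name) if ord(ch) in BIDI_CONTROLS]

def true_extension(name):
    """Extension in raw byte order: the one the OS uses to pick a handler."""
    return os.path.splitext(name)[1]

def safe_display(name):
    """Show each bidi control as an escape instead of letting it reorder text
    (the effect the reporter gets from od)."""
    return "".join(f"\\u{ord(ch):04x}" if ord(ch) in BIDI_CONTROLS else ch
                   for ch in name)

def naive_rendering(name):
    """Simplified model (assumption): with one RLO and no terminator, the run
    after U+202E is drawn right-to-left, i.e. reversed, as Nautilus did."""
    head, sep, tail = name.partition("\u202e")
    return head + tail[::-1] if sep else name

def analyse(raw_bytes):
    """Decode a filename as the kernel hands it over (bytes) and report."""
    name = raw_bytes.decode("utf-8", errors="surrogateescape")
    controls = find_bidi_controls(name)
    return {
        "suspicious": bool(controls),
        "controls": controls,
        "true_extension": true_extension(name),
        "safe_display": safe_display(name),
        "as_rendered": naive_rendering(name),
    }

# Constructed from the octal dump in the report: 'O', then 0xE2 0x80 0xAE
# (U+202E), then 'fdp.scr'.
SAMPLE = b"NO.00123Order# PO\xe2\x80\xaefdp.scr"

if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```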
information type: Private Security → Public Security
Changed in nautilus (Ubuntu):
  status: New → Confirmed
Changed in nautilus (Ubuntu):
  status: Confirmed → Triaged
Changed in nautilus:
  importance: Unknown → Medium
  status: Unknown → Confirmed
Looks like a consequence of https://bugzilla.gnome.org/show_bug.cgi?id=549882
Thanks