This is still exploitable in Ubuntu 8.04, text of email I just sent to <email address hidden> follows:
I just tested this using Firefox 3 on Ubuntu 8.04 with Gnome 2.22.2.
trojan.desktop: Displayed in Firefox as a plain text file.
trojan-axd.desktop: Asked to save or open the file:
* If saved, default location is desktop. Appears with jpeg icon and
file name 'hot goats.jpg'. Double clicking causes the code to
run (displays 'Owned' in a small window).
* If open with chosen, following message is displayed "The
application you chose ("(null)") could not be found. Check the
file name or choose another application."
trojan-aos.desktop: Treated as executable by Firefox, may only save file:
* If Save file clicked, file is saved to Desktop, no choice.
* Once saved it behaves like trojan-axd.desktop.
I now have multiple icons on my desktop, all apparently called 'hot
goats.jpg' (without quotes). All of them run the embedded Python code.
alex@martha:~/Documents/primes$ ls /home/alex/Desktop/trojan*
/home/alex/Desktop/trojan-aos(2).desktop
/home/alex/Desktop/trojan-aos(3).desktop
/home/alex/Desktop/trojan-aos.desktop
/home/alex/Desktop/trojan-axd(2).desktop
/home/alex/Desktop/trojan-axd.desktop
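
Added example, not part of the original comment: a Python check a defender could run over a desktop or download directory to find .desktop launchers like the ones described above, whose displayed name or icon imitates a data file. The extension list and icon prefixes are assumptions chosen for illustration, and the function names are hypothetical.

```python
import configparser
import os
import sys

# Assumed list: extensions a launcher's display name has no reason to end in.
DOC_EXTS = (".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".doc", ".odt")
# Assumed heuristic: icon-name prefixes that themes use for documents and media.
DOC_ICONS = ("image-", "text-", "audio-", "video-", "gnome-mime-")

def inspect_launcher(path):
    """Return the reasons a .desktop file looks like a disguised launcher."""
    cp = configparser.RawConfigParser(strict=False, delimiters=("=",))
    cp.optionxform = str  # .desktop keys are case-sensitive
    try:
        with open(path, encoding="utf-8", errors="replace") as fh:
            cp.read_file(fh)
        entry = cp["Desktop Entry"]
    except (OSError, KeyError, configparser.Error):
        return []  # unreadable or not a desktop entry
    if "Exec" not in entry:
        return []  # entries without Exec (Link, Directory) run nothing
    reasons = []
    for key, value in entry.items():
        # Name and its localized forms (Name[de], ...) are what the desktop shows.
        if key.split("[")[0] == "Name" and value.strip().lower().endswith(DOC_EXTS):
            reasons.append("%s=%r looks like a data file name" % (key, value))
    if entry.get("Icon", "").lower().startswith(DOC_ICONS):
        reasons.append("Icon=%r is a document/media icon" % entry["Icon"])
    return reasons

def scan(root):
    """Walk root and map each suspicious .desktop path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(".desktop"):
                reasons = inspect_launcher(os.path.join(dirpath, name))
                if reasons:
                    findings[os.path.join(dirpath, name)] = reasons
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Desktop")
    for path, reasons in sorted(scan(root).items()):
        print(path)
        for reason in reasons:
            print("   ", reason)
```

Run with a directory argument, or with none to scan ~/Desktop; a hit means the launcher should be opened in a text editor and its Exec line read before anyone double-clicks it.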