Read Time:28 Second

Posted by Georgi Guninski on Aug 07

Affected: GNOME Files 43.4 (nautilus) on fedora 37

Description:

If an user A opens in GNOME files zip archive containing
`setuid` file F, then F will be silently extracted to
a subdirectory of CWD.

If F is accessible by hostile local user B and B executes F,
then F will be executed as from user A.

tar(1) and unzip(1) are not vulnerable to this attack.

Session for creating the ZIP.
After that just open f.zip in GNOME files.
<pre>…

Read More

More Stories

lemonldap-ng-2.21.0-1.fc42

FEDORA-2025-aacd0b82cc Packages in this update: lemonldap-ng-2.21.0-1.fc42 Update description: See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/ Read More

lemonldap-ng-2.21.0-1.el9

FEDORA-EPEL-2025-0d5707b1a1 Packages in this update: lemonldap-ng-2.21.0-1.el9 Update description: See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/ Read More

lemonldap-ng-2.21.0-1.fc40

FEDORA-2025-80dfa228e7 Packages in this update: lemonldap-ng-2.21.0-1.fc40 Update description: See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/ Read More

lemonldap-ng-2.21.0-1.el8

FEDORA-EPEL-2025-2ad1cee164 Packages in this update: lemonldap-ng-2.21.0-1.el8 Update description: See https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/ Read More