GNOME Files silently extracts setuid files from ZIP archives


Posted by Georgi Guninski on Aug 07

Affected: GNOME Files 43.4 (nautilus) on Fedora 37

Description:

If a user A opens a ZIP archive containing a `setuid` file F
in GNOME Files, then F is silently extracted to
a subdirectory of the CWD.

If F is accessible to a hostile local user B and B executes F,
then F runs with the privileges of user A.

tar(1) and unzip(1) are not vulnerable to this attack.
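
A pre-extraction check for the condition described above, as an added example that is not part of the original advisory: it reads each entry's Unix mode from the ZIP metadata and reports entries that carry the `setuid` bit (and, going slightly beyond the advisory, the `setgid` bit). The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import stat
import zipfile

UNIX = 3  # "made by" host-system code for Unix in the ZIP format


def find_special_mode_entries(zip_source):
    """Return [(name, octal_mode)] for entries whose stored Unix mode
    has the setuid or setgid bit set."""
    flagged = []
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            if info.create_system != UNIX:
                continue  # external attributes do not hold a Unix mode
            mode = info.external_attr >> 16  # high 16 bits = st_mode
            if mode & (stat.S_ISUID | stat.S_ISGID):
                flagged.append((info.filename, oct(stat.S_IMODE(mode))))
    return flagged


def build_sample_zip():
    """Constructed test input: one ordinary entry, one stored as mode 4755."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, mode in (("docs/readme.txt", 0o100644), ("bin/F", 0o104755)):
            entry = zipfile.ZipInfo(name)
            entry.create_system = UNIX
            entry.external_attr = mode << 16
            zf.writestr(entry, b"placeholder\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Report flagged entries before handing the archive to any extractor.
    for name, mode in find_special_mode_entries(build_sample_zip()):
        print(f"{mode} {name}")
```

`find_special_mode_entries` also accepts a filesystem path, so it can be run against a downloaded archive before it is opened in a file manager.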

Session for creating the ZIP.
After that, just open f.zip in GNOME Files.
<pre>…
