AOH :: Linux :: Apps N-Z

AOH :: Linux :: Apps N-Z :: LNX5327.HTM
Nautilus xml meta-files can be symlinked and use to DoS the system

3rd May 2002 [SBWID-5327]

COMMAND

	Nautilus xml meta-files can be symlinked and use to DoS the system

SYSTEMS AFFECTED

	Nautilus 1.0.4

PROBLEM

	Joe Testa of Rapid 7 [http://www.rapid7.com/] found that  the  XML  file
	stored in all directories browsed via Nautilus  (.nautilus-metafile.xml)
	can be symlinked to any system files.
	

	Having a higher priviledge user browse a user directory with  the  badly
	symlinked metafile will caused the symlinked file to be overwritten.

SOLUTION

	Upgrade to the latest version of Nautilus, available at
	

	http://cvs.gnome.org/lxr/source/nautilus/

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.