CVE-2017-14604 — MEDIUM (6.5)

Q: How severe is CVE-2017-14604?

CVE-2017-14604 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-14604?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Nautilus, Debian Debian Linux.

Vulnerability Description

GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file's Exec field launches a malicious "sh -c" command. In other words, Nautilus provides no UI indication that a file actually has the potentially unsafe .desktop extension; instead, the UI only shows the .pdf extension. One (slightly) mitigating factor is that an attack requires the .desktop file to have execute permission. The solution is to ask the user to confirm that the file is supposed to be treated as a .desktop file, and then remember the user's answer in the metadata::trusted field.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Gnome	Nautilus	< 3.23.90
Debian	Debian Linux	8.0

Related Weaknesses (CWE)

CWE-20

References

http://www.debian.org/security/2017/dsa-3994Third Party Advisory
http://www.securityfocus.com/bid/101012Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:0223Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268Issue TrackingThird Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=777991Issue TrackingVendor Advisory
https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bbIssue TrackingPatchThird Party Advisory
https://github.com/GNOME/nautilus/commit/bc919205bf774f6af3fa7154506c46039af5a69Issue TrackingPatchThird Party Advisory
https://github.com/freedomofpress/securedrop/issues/2238Third Party Advisory
https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/ExploitThird Party Advisory
http://www.debian.org/security/2017/dsa-3994Third Party Advisory
http://www.securityfocus.com/bid/101012Third Party AdvisoryVDB Entry
https://access.redhat.com/errata/RHSA-2018:0223Third Party Advisory
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860268Issue TrackingThird Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=777991Issue TrackingVendor Advisory
https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bbIssue TrackingPatchThird Party Advisory

FAQ

What is CVE-2017-14604?

CVE-2017-14604 is a vulnerability with a CVSS score of 6.5 (MEDIUM). GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by using the .desktop file extension, as demonstrated by an attack in which a .desktop file's Name field ends in .pdf but this file'...

How severe is CVE-2017-14604?

CVE-2017-14604 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-14604?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Nautilus, Debian Debian Linux.