SecurityTracker.com


 


Category:   Application (Generic)  >   Nautilus (GNOME)
Vendors:   Gnome Development Team
GNOME Nautilus Buffer Overflow Lets Local Users Create Certain Denial of Service Conditions
SecurityTracker Alert ID:  1009738
SecurityTracker URL:  http://securitytracker.com/id/1009738
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 12 2004
Impact:   Denial of service via local system
Exploit Included:  Yes  
Version(s): 2.2.1 and others
Description:   A buffer overflow vulnerability was reported in GNOME Nautilus. A local user can cause denial of service conditions in certain cases.

gsicht reported that a local user can create a specially crafted directory name that, when processed by Nautilus, will cause the application to crash.

A directory name of "255 x A" will reportedly trigger the flaw.

As a demonstration, create a directory whose name is 255 characters long, then delete the directory via Nautilus. Clearing the trash will then cause a segmentation fault, the report said.

According to the report, a remote authenticated user can trigger this flaw by creating a directory via FTP.

Impact:   A local user can cause denial of service conditions in certain cases when Nautilus attempts to manipulate specially crafted directory names.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.gnome.org/projects/nautilus/
Cause:   Boundary error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.
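
A defensive check for the trigger condition described above, as an added example that is not part of the original advisory or report: it walks a tree such as an FTP upload area or a trash folder and lists directories whose name reaches 255 bytes. The function name, the `threshold` parameter and the command-line usage are assumptions made for this example.

```python
import os
import sys

# Length named in the report ("255 x A"); assumed here to be the value worth
# flagging. It is also the usual per-component name limit on Linux filesystems.
NAME_LIMIT = 255


def find_long_dir_names(root, threshold=NAME_LIMIT):
    """Return sorted (path, name_length_in_bytes) pairs for every directory
    under root whose own name is at least `threshold` bytes long."""
    hits = []
    # Walk with bytes paths so each name is measured in bytes, the unit the
    # filesystem limit uses, rather than in decoded characters.
    # os.walk does not follow symlinks by default, so the scan stays in root.
    for dirpath, dirnames, _files in os.walk(os.fsencode(root)):
        for name in dirnames:
            if len(name) >= threshold:
                full = os.path.join(dirpath, name)
                hits.append((os.fsdecode(full), len(name)))
    return sorted(hits)


if __name__ == "__main__":
    # Usage (assumed): python scan_long_dirs.py /path/to/ftp/upload/root
    scan_root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, length in find_long_dir_names(scan_root):
        # Print only the parent and the length; the full name is 255 bytes of noise.
        print(f"{length} bytes: {os.path.dirname(path)}/<long name>")
```

Flagged directories can be renamed or removed from a shell before a file manager is pointed at them.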


 Source Message Contents

Subject:  Gnome nautilus bug




Application:  Gnome nautilus
Versions:     2.2.1 and others
Bug:          Buffer Overflow
Exploitation: unknown
Date:         12.04.04
Author:       gsicht
              e-mail: nothing.king@firemail.de

#####################
#  the bug:         #
#####################

I discovered a buffer overflow vulnerability in GNOME Nautilus.
I don't know many details about this overflow, but if someone is able to create a directory with a name of 255 x A,
Nautilus won't be able to handle the directory. Creating the directory could be possible through an FTP server.
Example:
http://www.k-otik.com/exploits/08.11.0x82-wu262-advanced.c

If you delete your directory (not in a shell), you can find it in your trash. Now clear it, and you'll get an error with a segmentation fault.
If you enter the directory in your trash with a double click and also do this with the next directory, you'll get a segmentation fault, too.

 
 



Copyright 2021, SecurityGlobal.net LLC