TUCoPS :: Linux :: Apps N-Z :: lnx5327.htm

Nautilus xml meta-files can be symlinked and use to DoS the system
3rd May 2002 [SBWID-5327]
COMMAND

	Nautilus xml meta-files can be symlinked and use to DoS the system

SYSTEMS AFFECTED

	Nautilus 1.0.4

PROBLEM

	Joe Testa of Rapid 7 [http://www.rapid7.com/] found that  the  XML  file
	stored in all directories browsed via Nautilus  (.nautilus-metafile.xml)
	can be symlinked to any system files.
	

	Having a higher priviledge user browse a user directory with  the  badly
	symlinked metafile will caused the symlinked file to be overwritten.

SOLUTION

	Upgrade to the latest version of Nautilus, available at
	

	http://cvs.gnome.org/lxr/source/nautilus/

	

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH