3rd May 2002 [SBWID-5327]
COMMAND
Nautilus xml meta-files can be symlinked and use to DoS the system
SYSTEMS AFFECTED
Nautilus 1.0.4
PROBLEM
Joe Testa of Rapid 7 [http://www.rapid7.com/] found that the XML file
stored in all directories browsed via Nautilus (.nautilus-metafile.xml)
can be symlinked to any system files.
Having a higher priviledge user browse a user directory with the badly
symlinked metafile will caused the symlinked file to be overwritten.
SOLUTION
Upgrade to the latest version of Nautilus, available at
http://cvs.gnome.org/lxr/source/nautilus/
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
