Gnome Nautilus 3.16 Denial Of Service

Gnome Nautilus 3.16 Denial Of Service: Posted Dec 2, 2015; Authored by Panagiotis Vagenas; Gnome Nautilus version 3.16 suffers from a denial of service vulnerability.; tags | exploit, denial of service; SHA-256 | e586d2c6767124bf65dffc9fcb944f2558661fbdc9fd59bb4693ea2c48e22703; Download | Favorite | View

Gnome Nautilus 3.16 Denial Of Service

* Exploit Title: Gnome Nautilus [Denial of Service]
* Discovery Date: 2015/10/27
* Public Disclosure Date: 2015/12/01
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: https://www.gnome.org/
* Software Link: https://wiki.gnome.org/Apps/Nautilus
* Version: 3.16
* Tested on: Ubuntu 14.04, Fedora 22


Description
================================================================================

Gnome Nautilus <= v3.16 is vulnerable to DoS attack through a malicious crafted file. 

Details
--------------------------------------------------------------------------------
A malicious crafted file can be used to perform a DoS attack in Nautilus. The attacker must have local
access to affected system or convince the victim to download the file (email, web url etc.). Next time 
the victim tries to open the directory that contains the malicious file, Nautilus crashes without warning.

The file must have a `.jp2` extension and start with the JPEG signature (`0xFFD8`).

Additional Notes
--------------------------------------------------------------------------------

This seems to happen every time Nautilus is trying to update the thumbnail of the file.

In Ubuntu and Fedora process dies with the message:
```
Premature end of JPEG file
JPEG datastream contains no image
```

This vulnerability seems to affect all Nautilus versions prior to 3.16.

PoC
================================================================================

1. Create a file without a `.jp2` extension in an affected system
2. Open the file in a hex editor so it start with the JPEG signature (`0xFFD8`)
3. Rename the file so it has the `.jp2` extension
4. Open directory with Nautilus
5. Nautilus dies without warning

Timeline
================================================================================

2015/10/27 - Discovered
2015/10/29 - Vendor notified at security@gnome.org

Solution
================================================================================

No official solution yet exists.

Work-around
--------------------------------------------------------------------------------

Disabling generation of thumbnails for all files, through Nautilus options, will prevent Nautilus from crashing.

Top Authors In Last 30 Days

Red Hat 219 files
Ubuntu 55 files
LiquidWorm 20 files
Debian 18 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Gnome Nautilus 3.16 Denial Of Service

Gnome Nautilus 3.16 Denial Of Service

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Gnome Nautilus 3.16 Denial Of Service

Share This

Gnome Nautilus 3.16 Denial Of Service

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems