Following a recent investigation, a vulnerability has been uncovered in the thumbnail handler component of the GNOME Files file manager that could allow attackers to execute malicious code on affected Linux machines. Dubbed Bad Taste, the vulnerability (CVE-2017-11421) was discovered by German researcher Nils Dagsson Moskopp, who also published proof-of-concept code on his blog to demonstrate it.
The code injection vulnerability resides in “gnome-exe-thumbnailer”, a tool that generates thumbnails from Windows executable files (.exe/.msi/.dll/.lnk) for GNOME, and which requires users to have the Wine application installed on their systems in order to run. For those who are unaware, Wine is free and open-source software that allows Windows applications to run on the Linux operating system.
Moskopp found that when a user navigates to a directory containing the .msi file, GNOME Files takes the filename as executable input and runs it in order to create an image thumbnail.
To exploit the vulnerability successfully, an attacker can send a crafted Windows installer (MSI) file with malicious VBScript code in its filename, which, if downloaded on a vulnerable system, would compromise the machine without further user interaction. Explaining his PoC, Moskopp states that instead of parsing an MSI file to obtain its version number, this code creates a script containing the filename for which a thumbnail should be displayed and executes that script using Wine.
He further states that the script is constructed using a template, which makes it possible to embed VBScript in a filename and trigger its execution. Attackers could also exploit this flaw through other attack vectors, for example by directly inserting a USB drive with a malicious file stored on it, or by delivering the malicious file via drive-by downloads.
How to Protect Yourself from Bad Taste
Moskopp reported the vulnerability to the GNOME Project and the Debian Project. Both of them patched the vulnerability in the gnome-exe-thumbnailer file. The vulnerability affects gnome-exe-thumbnailer before version 0.9.5. If you run a Linux OS with the GNOME desktop, check for updates promptly before you are affected by this dangerous vulnerability.
Moskopp also advised users to:
- Remove all files in /usr/share/thumbnailers
- Not use GNOME Files
- Uninstall any software that facilitates the automatic execution of filenames as code
Moskopp also advised developers not to use “bug-ridden ad-hoc parsers” to parse files, to fully recognise inputs before processing them, and to use unparsers instead of templates.
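
The difference between a template and an unparser, for the filename-in-script pattern described above, can be shown in a few lines. This is an added example, not code from Moskopp or from gnome-exe-thumbnailer; the one-line script template and the sample file names are constructed for illustration.

```python
import re

# Hypothetical one-line script template, constructed for this example.
# It is not the template gnome-exe-thumbnailer actually used.
TEMPLATE = 'path = "{name}"'
PREFIX = "path = "

def render_with_template(filename: str) -> str:
    """Vulnerable pattern: the file name is pasted into code unchanged."""
    return TEMPLATE.format(name=filename)

def vbs_string_literal(value: str) -> str:
    """Unparser: serialise value as exactly one VBScript string literal."""
    # Recognise the input fully before emitting anything. A VBScript
    # literal cannot span lines, so control characters are rejected.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        raise ValueError("control character in file name")
    # Inside the literal only the double quote is special; it is
    # written as two double quotes.
    return '"' + value.replace('"', '""') + '"'

def render_with_unparser(filename: str) -> str:
    """Hardened pattern: code is fixed, the name goes through the unparser."""
    return PREFIX + vbs_string_literal(filename)

def is_single_literal(line: str) -> bool:
    """Check that the right-hand side is one complete string literal."""
    rhs = line[len(PREFIX):]
    return re.fullmatch(r'"(?:[^"\r\n]|"")*"', rhs) is not None

if __name__ == "__main__":
    # Constructed file names: one ordinary, one containing a double quote.
    for name in ("setup.msi", 'weird"name.msi'):
        for render in (render_with_template, render_with_unparser):
            line = render(name)
            print(f"{render.__name__:22} {line:28} "
                  f"single literal: {is_single_literal(line)}")
```

With the template, a double quote in the name ends the string early and the rest of the name is read as script text; with the unparser, the name always stays data. Passing the name to a fixed script as an argument avoids generating code from it at all.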