** Changed in: nautilus
   Status: Unknown => Confirmed

** Changed in: nautilus
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1236983

Title:
  Possible security exploit using special characters to manipulate displayed filename.

Status in Nautilus:
  Confirmed
Status in "nautilus" package in Ubuntu:
  Triaged

Bug description:
  Special characters can be used to manipulate a filename extension in Nautilus.

  We received a piece of malware with a filename that appears differently in
  Nautilus than on the command line using ls.

  With Nautilus we see:

    NO.00123Order# POrcs.pdf

  With ls in bash we see:

    NO.00123Order# POfdp.scr

  Using od, the special characters are revealed as:

    ronp@ron:~/Desktop/virus$ ls *scr | od -c
    0000000   N   O   .   0   0   1   2   3   O   r   d   e   r   #       P
    0000020   O 342 200 256   f   d   p   .   s   c   r  \n
    0000034

  Before extraction from the archive, the file appears with question marks as
  follows:

    NO.00123Order# PO???fdp.scr

  Perhaps this would be a more secure way to display the file in Nautilus,
  revealing the true nature of the file: scr instead of pdf.

  This occurred with Nautilus 3.4.2 on Ubuntu 12.10 and Nautilus 3.6.3 on
  Ubuntu 13.04.

  We note this type of exploit has been used before:
  https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23930/en_US/McAfee_Labs_Threat_Advisory_XDocCrypt.pdf
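Added example (editor's code, not part of the bug report or of Nautilus): the three octal bytes 342 200 256 in the od output above are the UTF-8 encoding of U+202E RIGHT-TO-LEFT OVERRIDE, the character that makes a bidi-aware file manager draw "fdp.scr" as "rcs.pdf". The snippet below builds the sample filename from those bytes (constructed from the report, not a real artifact), lists the bidi control characters in a name, approximates how the override run is displayed, recovers the true extension, and reproduces the archive tool's byte-wise "?" rendering. The function and variable names are the editor's own; `rendered_name` is a deliberate simplification of the Unicode bidi algorithm that handles only a single override run, which is the case in the report.

```python
import os
import unicodedata

# Constructed from the od -c output in the bug report: octal 342 200 256 is
# the UTF-8 encoding of U+202E RIGHT-TO-LEFT OVERRIDE.
SAMPLE_BYTES = b"NO.00123Order# PO\xe2\x80\xaefdp.scr"
SAMPLE_NAME = SAMPLE_BYTES.decode("utf-8")

# Unicode bidi classes that reorder or embed displayed text.
BIDI_CONTROL_CLASSES = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING


def bidi_controls(name):
    """Return (index, codepoint, bidi class) for every bidi control in name."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.bidirectional(ch))
        for i, ch in enumerate(name)
        if unicodedata.bidirectional(ch) in BIDI_CONTROL_CLASSES
    ]


def rendered_name(name):
    """Approximate what a bidi-aware display shows: characters after an RLO,
    up to a PDF or the end of the string, are drawn in reverse order.
    (Simplified: handles one override run, not nested embeddings.)"""
    out, i = [], 0
    while i < len(name):
        ch = name[i]
        if ch == RLO:
            j = i + 1
            run = []
            while j < len(name) and name[j] != PDF:
                run.append(name[j])
                j += 1
            out.extend(reversed(run))
            i = j + 1  # skip the closing PDF if present
        else:
            if ch != PDF:
                out.append(ch)
            i += 1
    return "".join(out)


def strip_format_chars(name):
    """Remove all Unicode format characters (category Cf), bidi controls included."""
    return "".join(ch for ch in name if unicodedata.category(ch) != "Cf")


def true_extension(name):
    """Extension of the file as the kernel and shell see it."""
    return os.path.splitext(strip_format_chars(name))[1]


def rendered_extension(name):
    """Extension a user would read off the displayed (reordered) name."""
    return os.path.splitext(rendered_name(name))[1]


def is_spoofed_extension(name):
    """True when bidi controls make the displayed extension differ from the real one."""
    return bool(bidi_controls(name)) and rendered_extension(name) != true_extension(name)


def byte_safe_display(raw):
    """Render the raw filename bytes the way the archive tool in the report did:
    every byte outside printable ASCII becomes '?', so the true extension stays visible."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "?" for b in raw)


if __name__ == "__main__":
    print("controls :", bidi_controls(SAMPLE_NAME))
    print("displayed:", rendered_name(SAMPLE_NAME))
    print("real ext :", true_extension(SAMPLE_NAME))
    print("safe name:", byte_safe_display(SAMPLE_BYTES))
    print("spoofed  :", is_spoofed_extension(SAMPLE_NAME))
```

A file-manager or mail-gateway check only needs `is_spoofed_extension`; the byte-wise replacement in `byte_safe_display` is the behaviour the report praises in the archive tool, and it also covers filenames that are not valid UTF-8, which `str`-based checks would never see.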