** Changed in: nautilus
       Status: Unknown => Confirmed

** Changed in: nautilus
   Importance: Unknown => Medium

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to nautilus in Ubuntu.
https://bugs.launchpad.net/bugs/1236983

Title:
  Possible security exploit using special characters to manipulate
  displayed filename.

Status in Nautilus:
  Confirmed
Status in “nautilus” package in Ubuntu:
  Triaged

Bug description:
  Special characters can be used to manipulate a filename extension in
  Nautilus. We received a piece of malware with a filename that appears
  differently in Nautilus than on the command line using ls.

  With Nautilus we see: NO.00123Order# POrcs.pdf
  With ls in bash we see: NO.00123Order# POfdp.scr

  Using od the special characters are revealed as:
  ronp@ron:~/Desktop/virus$ ls *scr | od -c
  0000000   N   O   .   0   0   1   2   3   O   r   d   e   r   #       P
  0000020   O 342 200 256   f   d   p   .   s   c   r  \n
  0000034

  Before extraction from the archive, the file appears with question
  marks as follows:
  NO.00123Order# PO???fdp.scr

  Perhaps this would be a more secure way to display the file in
  Nautilus, revealing the true nature of the file: scr instead of pdf.

  This occurred with Nautilus 3.4.2 on Ubuntu 12.10 and Nautilus 3.6.3
  on Ubuntu 13.04

  We note this type of exploit has been used before:
  https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/23000/PD23930/en_US/McAfee_Labs_Threat_Advisory_XDocCrypt.pdf

To manage notifications about this bug go to:
https://bugs.launchpad.net/nautilus/+bug/1236983/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to     : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp
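The od dump in the report shows the bytes 342 200 256 (octal), i.e. 0xE2 0x80 0xAE, which is the UTF-8 encoding of U+202E RIGHT-TO-LEFT OVERRIDE: everything after it is drawn right-to-left, so "fdp.scr" renders as "rcs.pdf". The following is an added example, not code from the bug report or from Nautilus, that reconstructs the filename from the dump as a constructed sample, flags the bidi control characters a file manager should never render silently, and approximates the visual effect of the override so the displayed name can be compared with the real extension. The display approximation only handles explicit overrides and terminators, not the full Unicode bidi algorithm; the helper names are assumptions for this example.

```python
import os
import sys

# Unicode bidi formatting controls that can reorder or disguise displayed text.
# Codepoints and short names are from the Unicode standard.
BIDI_CONTROLS = {
    "\u200e": "LRM", "\u200f": "RLM",
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF",
    "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}

# Constructed sample: the exact bytes from the od dump in the report.
# Octal 342 200 256 == 0xE2 0x80 0xAE == U+202E RIGHT-TO-LEFT OVERRIDE.
SAMPLE = b"NO.00123Order# PO\xe2\x80\xaefdp.scr"


def find_bidi_controls(name: str):
    """Return (index, label) for every bidi control character in name."""
    return [(i, BIDI_CONTROLS[c]) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def approximate_display(name: str) -> str:
    """Approximate what a renderer shows: the run after an RLO (U+202E) is
    reversed up to the next PDF (U+202C) or end of string; other controls are
    invisible. Simplified on purpose, not the full bidi algorithm."""
    out = []
    i = 0
    while i < len(name):
        c = name[i]
        if c == "\u202e":
            end = name.find("\u202c", i + 1)
            if end == -1:
                end = len(name)
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif c in BIDI_CONTROLS:
            i += 1
        else:
            out.append(c)
            i += 1
    return "".join(out)


def real_extension(name: str) -> str:
    """Extension of the name in logical (storage) order, controls removed."""
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    return stripped.rsplit(".", 1)[-1].lower() if "." in stripped else ""


def escaped(name: str) -> str:
    """Render bidi controls visibly as \\uXXXX, the way od exposes the bytes."""
    return "".join(f"\\u{ord(c):04x}" if c in BIDI_CONTROLS else c for c in name)


def audit(raw: bytes) -> dict:
    """Audit one filename given as raw bytes (as the filesystem stores it)."""
    name = raw.decode("utf-8", errors="surrogateescape")
    controls = find_bidi_controls(name)
    return {
        "logical": escaped(name),
        "displayed": approximate_display(name),
        "extension": real_extension(name),
        "controls": controls,
        "suspicious": bool(controls),
    }


def scan_directory(path: str):
    """Yield audits for every entry in path whose name carries bidi controls."""
    for entry in os.scandir(os.fsencode(path)):
        result = audit(entry.name)
        if result["suspicious"]:
            yield result


if __name__ == "__main__":
    # Run against the constructed sample, or against a directory given as argv[1].
    results = [audit(SAMPLE)] if len(sys.argv) < 2 else list(scan_directory(sys.argv[1]))
    for r in results:
        print(f"stored   : {r['logical']}")
        print(f"displayed: {r['displayed']}")
        print(f"real ext : {r['extension']}  controls: {r['controls']}")
```

On the reporter's sample the audit shows the stored name "NO.00123Order# PO\u202efdp.scr" rendering as "NO.00123Order# POrcs.pdf" while the real extension is "scr", which is the mismatch a file manager or an upload filter should warn about. Showing the control as an escape (or the "???" the archive tool printed) rather than honouring it is the safer display choice.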
