"Gnome Nautilus 3.16 - Denial of Service"

Author: "Panagiotis Vagenas"

Platform: linux

Release date: 2015-12-03

* Exploit Title: Gnome Nautilus [Denial of Service]
* Discovery Date: 2015/10/27
* Public Disclosure Date: 2015/12/01
* Exploit Author: Panagiotis Vagenas
* Contact: https://twitter.com/panVagenas
* Vendor Homepage: https://www.gnome.org/
* Software Link: https://wiki.gnome.org/Apps/Nautilus
* Version: 3.16
* Tested on: Ubuntu 14.04, Fedora 22


Description
================================================================================

Gnome Nautilus <= v3.16 is vulnerable to a DoS attack through a
maliciously crafted file.

Details
--------------------------------------------------------------------------------
A maliciously crafted file can be used to perform a DoS attack in Nautilus.
The attacker must have local access to the affected system or convince the
victim to download the file (email, web URL, etc.). The next time the victim
tries to open the directory that contains the malicious file, Nautilus crashes
without warning.

The file must have a `.jp2` extension and start with the JPEG
signature (`0xFFD8`).

Additional Notes
--------------------------------------------------------------------------------

This seems to happen every time Nautilus is trying to update the
thumbnail of the file.

On Ubuntu and Fedora the process dies with the message:
```
Premature end of JPEG file
JPEG datastream contains no image
```

This vulnerability seems to affect all Nautilus versions prior to 3.16.

PoC
================================================================================

1. Create a file without a `.jp2` extension on an affected system
2. Open the file in a hex editor so it starts with the JPEG signature (`0xFFD8`)
3. Rename the file so it has the `.jp2` extension
4. Open the directory with Nautilus
5. Nautilus dies without warning

Timeline
================================================================================

2015/10/27 - Discovered
2015/10/29 - Vendor notified at security@gnome.org

Solution
================================================================================

No official solution yet exists.

Work-around
--------------------------------------------------------------------------------

Disabling generation of thumbnails for all files, through Nautilus
options, will prevent Nautilus from crashing.
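
A defensive check for the condition described under Details (a file named `.jp2` whose content starts with the JPEG signature `0xFFD8`), added here as an example and not part of the original advisory. It reports `.jp2` files that do not begin with a JPEG 2000 signature so they can be reviewed before the directory is opened in Nautilus; the function names and the default `~/Downloads` path are assumptions of this example.

```python
#!/usr/bin/env python3
"""Flag .jp2 files whose leading bytes are not a JPEG 2000 signature."""
import os
import sys

JPEG_SOI = b"\xff\xd8"                       # JPEG signature named in the advisory
JP2_BOX = b"\x00\x00\x00\x0cjP  \r\n\x87\n"  # JPEG 2000 (JP2) signature box
J2K_SOC = b"\xff\x4f\xff\x51"                # raw JPEG 2000 codestream (SOC + SIZ)


def classify_header(head: bytes) -> str:
    """Name the format implied by the first bytes of a file."""
    if head.startswith(JP2_BOX):
        return "jp2"
    if head.startswith(J2K_SOC):
        return "j2k-codestream"
    if head.startswith(JPEG_SOI):
        return "jpeg"
    return "unknown"


def scan_tree(root: str):
    """Yield (path, detected) for every *.jp2 file that is not JPEG 2000 data."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".jp2"):
                continue
            path = os.path.join(dirpath, name)
            try:
                # Regular files only: do not follow symlinks or block on a FIFO.
                if os.path.islink(path) or not os.path.isfile(path):
                    continue
                with open(path, "rb") as fh:
                    head = fh.read(len(JP2_BOX))
            except OSError:
                continue  # unreadable entry: skip it rather than abort the scan
            detected = classify_header(head)
            if detected not in ("jp2", "j2k-codestream"):
                yield path, detected


if __name__ == "__main__":
    # Default directory is an assumption; pass the directory to check as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/Downloads")
    for path, detected in scan_tree(target):
        print(f"{detected}\t{path}")
```

A result of `jpeg` matches the condition the advisory describes; `unknown` means the `.jp2` name and the content disagree in some other way.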