Vulnerability CVE-2021-32563: Information

Description

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-32563
Published: May 11, 2021
Modified: Feb. 28, 2023
Error type identifier: CWE-913

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
thunarsisyphus4.16.8-alt14.18.10-alt1ALT-PU-2021-1789-1271618Fixed
thunarp104.16.8-alt14.18.10-alt1ALT-PU-2021-1789-1271618Fixed
thunarp91.8.17-alt11.8.17-alt1ALT-PU-2021-1810-1271820Fixed
thunarc10f14.16.8-alt14.16.11-alt3ALT-PU-2021-1789-1271618Fixed
thunarp114.16.8-alt14.18.10-alt1ALT-PU-2021-1789-1271618Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://gitlab.xfce.org/xfce/thunar/-/tags
  • Release Notes
https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
  • Patch
https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
  • Patch
https://www.openwall.com/lists/oss-security/2021/05/09/2
  • Mailing List
  • Third Party Advisory
[oss-security] 20210511 Re: Code execution through Thunar
  • Mailing List
  • Third Party Advisory
https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d
  • Patch
[oss-security] 20230104 Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations
  • Mailing List
  • Third Party Advisory
[oss-security] 20230105 Re: Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations
  • Mailing List
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:xfce:thunar:*:*:*:*:*:*:*:*
      End excliding
      4.16.7
      cpe:2.3:a:xfce:thunar:*:*:*:*:*:*:*:*
      Start including
      4.17.0
      End excliding
      4.17.2
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.3
Back to top