Уязвимость CVE-2021-32563: Информация

Описание

An issue was discovered in Thunar before 4.16.7 and 4.17.x before 4.17.2. When called with a regular file as a command-line argument, it delegates to a different program (based on the file type) without user confirmation. This could be used to achieve code execution.

Важность: CRITICAL (9,8) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2021-32563
Опубликовано: 11 мая 2021 г.
Изменено: 28 февраля 2023 г.
Идентификатор типа ошибки: CWE-913

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
thunarsisyphus4.16.8-alt14.18.10-alt1ALT-PU-2021-1789-1271618Исправлено
thunarp104.16.8-alt14.18.10-alt1ALT-PU-2021-1789-1271618Исправлено
thunarp91.8.17-alt11.8.17-alt1ALT-PU-2021-1810-1271820Исправлено
thunarc10f14.16.8-alt14.16.11-alt3ALT-PU-2021-1789-1271618Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://gitlab.xfce.org/xfce/thunar/-/tags
  • Release Notes
https://gitlab.xfce.org/xfce/thunar/-/commit/9165a61f95e43cc0b5abf9b98eee2818a0191e0b
  • Patch
https://gitlab.xfce.org/xfce/thunar/-/commit/3b54d9d7dbd7fd16235e2141c43a7f18718f5664
  • Patch
https://www.openwall.com/lists/oss-security/2021/05/09/2
  • Mailing List
  • Third Party Advisory
[oss-security] 20210511 Re: Code execution through Thunar
  • Mailing List
  • Third Party Advisory
https://gitlab.xfce.org/xfce/thunar/-/commit/1b85b96ebf7cb9bf6a3ddf1acee7643643fdf92d
  • Patch
[oss-security] 20230104 Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations
  • Mailing List
  • Third Party Advisory
[oss-security] 20230105 Re: Code execution through MIME-type association of Mono interpreter and security expectations of MIME type associations
  • Mailing List
  • Third Party Advisory

    1. Конфигурация 1

      cpe:2.3:a:xfce:thunar:*:*:*:*:*:*:*:*
      End excliding
      4.16.7
      cpe:2.3:a:xfce:thunar:*:*:*:*:*:*:*:*
      Start including
      4.17.0
      End excliding
      4.17.2
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Версия: v24.4.2
Наверх