Thursday, March 28, 2024

Vulnerability Bad Taste Affects Linux Machine via Windows MSI Files

Security Researcher Nils Dagsson Moskopp PoC shows that windows executables can infect Linux Systems. This Vulnerability(CVE-2017-11421) exists with the gnome-exe-thumbnailer version prior to 0.9.5.

Moskopp named this vulnerability as Bad Taste, this vulnerability resides with gnome-exe-thumbnailer that used by Gnome files.

Also Read Vault 7 Leaks: CIA Hacking Tools “BothanSpy” and “Gyrfalcon” Steals SSH Credentials

Vulnerability Execution

Moskopp derived a proof of concept by creating a file poc.xml and executed shell code while navigating to the folder with MSI files, GNOME Files takes it as an executable input and generate a thumbnail with the file name.

File manager GNOME employ configuration files from /usr/share/thumbnailers. With gnome-exe-thumbnailer installed the file /usr/share/thumbnailers/exe-dll-msi.thumbnailer consist of scripts to execute file Microsoft Windows executable (EXE), installer (MSI), library (DLL), or shortcut (LNK).

Thumbnailer issues could be exploited via drive-by downloads with any web browser that does not ask users if files should be saved.

Moskopp Summarized Instead of parsing an MSI file to get its version number, this code creates a script containing the filename for which a thumbnail should be shown and executes that using Wine. The script is constructed using a template, which makes it possible to embed VBScript in a filename and trigger its execution.

Remedy for Users and Developers

Moskopp also provided a remedy for Users and Developers.

Users should delete all file in /usr/share/thumbnailers and do not use GNOME Files. Uninstall whatever another programming that facilitates consequently executing parts of filenames as the code.

Try not to parse records with bug-ridden ad-hoc parsers. Completely recognize inputs before handling them. Try not to templates, utilize unparsers.

Also Read Linux Exploit Suggester Tool to Find the Linux OS Kernel Exploits

Website

Latest articles

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...

2 Chrome Zero-Days Exploited at Pwn2Own 2024: Patch Now

Google has announced a crucial update to its Chrome browser, addressing several vulnerabilities, including...

The Moon Malware Hacked 6,000 ASUS Routers in 72hours to Use for Proxy

Black Lotus Labs discovered a multi-year campaign by TheMoon malware targeting vulnerable routers and...

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles