oss-sec mailing list archives
Re: Code execution through Thunar
From: Gabriel Corona <gabriel.corona () enst-bretagne fr>
Date: Tue, 11 May 2021 07:37:47 +0200
Le 09/05/2021 à 21:38, Gabriel Corona a écrit :
When called with a regular file as command line argument, Thunar would delegate to some other program without user confirmation based on the file type. This could be exploited to trigger code execution in a chain of vulnerabilities. This is fixed in 4.16.7 and 4.17.2. When called with a regular file, Thunar now opens the containing directory and selects the file. A CVE ID has been requested.
This is CVE-2021-32563. Gabriel
Current thread:
- Code execution through Thunar Gabriel Corona (May 09)
- Re: Code execution through Thunar Gabriel Corona (May 10)