Users login

Create an account »


Users login

Home » Hacking News » RHSA-2002:064-12-Updated Nautilus for symlink vulnerability writing metadata

RHSA-2002:064-12-Updated Nautilus for symlink vulnerability writing metadata

by Nikola Strahija on May 2nd, 2002 The Nautilus file manager (used by default in the GNOME desktop environment) writes metadata files containing information about files and directories that have been visited in the file manager. The metadata file code in Red Hat Linux 7.2 can be tricked into chasing a symlink and overwriting the symlink target.

The errata packages repair this problem in two ways. First they create
metadata files using mkstemp() and then renaming the files, instead of
creating the files in-place with a fixed filename. This patch in the errata
packages was backported from the latest upstream version of Nautilus on

Second, Nautilus used to have a preference to store metadata only in the
user's home directory, rather than in each directory being browsed.
This errata removes the preference and hardcodes its value to always
use the home directory. This disables the shared-metadata functionality,
so if two users browse the same directory they may see different icons,
emblems, and so forth.

Nautilus has only been shipped in Red Hat Linux 7.2; earlier
versions do not contain Nautilus and thus are not vulnerable.

This problem should only be exploitable locally (filesystem access
is needed to create a malicious symlink). If Nautilus is not run
as root, the impact should be limited to overwriting files that
unprivileged users have access to. If Nautilus is run as root,
a malicious symlink could overwrite system-critical files such
as /etc/passwd with Nautilus metadata.

The Common Vulnerabilities and Exposures project ( has
assigned the name CAN-2002-0157 to this issue. The BUGTRAQ ID for this
issue is 4373.

4. Solution:

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:


This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

5. Bug IDs fixed ( for more info):

6. RPMs required:

Red Hat Linux 7.2:




7. Verification:

MD5 sum Package Name
df668f91e33ecf794aa10eee7e236f80 7.2/en/os/SRPMS/nautilus-1.0.4-46.src.rpm
f91c1cb8fb30034c8ea8aefa184c5589 7.2/en/os/i386/nautilus-1.0.4-46.i386.rpm
be8f595a061435b13675d9c799377f33 7.2/en/os/ia64/nautilus-1.0.4-46.ia64.rpm

These packages are GPG signed by Red Hat, Inc. for security. Our key
is available at:

You can verify each package with the following command:
rpm --checksig

If you only wish to verify that each package has not been corrupted or
tampered with, examine only the md5sum with the following command:
rpm --checksig --nogpg

8. References:

Copyright(c) 2000, 2001, 2002 Red Hat, Inc.

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »