Published: 22/04/2019 Updated: 24/08/2020

CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4

CVSS v3 Base Score: 7.8 | Impact Score: 6 | Exploitability Score: 1.1

VMScore: 392

Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

An issue exists in GNOME Nautilus 3.30 before 3.30.6 and 3.32 before 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an malicious user to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome nautilus

Debian Bug report logs - #928054 CVE-2019-11461 Package: src:nautilus; Maintainer for src:nautilus is Debian GNOME Maintainers <pkg-gnome-maintainers@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Fri, 26 Apr 2019 21:15:04 UTC Severity: important Tags: fixed-upstream, security, upstr ...

An issue was discovered in GNOME Nautilus 330 prior to 3306 and 332 prior to 3321 A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer ...

NVD-CWE-noinfo https://gitlab.gnome.org/GNOME/nautilus/issues/987 https://security.gentoo.org/glsa/201908-27 http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00088.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928054 https://nvd.nist.gov https://security.archlinux.org/CVE-2019-11461

CVE-2019-11461

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect