A format string flaw was found in the way Thunar file manager used
to copy / move files with % formatters in their name. A remote attacker
could provide a specially-crafted file and trick the local victim
into copying / moving it via Thunar, leading to Thunar executable
crash or, possibly, arbitrary code execution with the privileges
of the user running Thunar.
Issue severity note:
The FORTIFY_SOURCE feature would mitigate the impact of this flaw to
be crash only on particular Fedora versions.
This issue did NOT affect the versions of the Thunar package,
as shipped with Fedora release of 13 and 14 (those versions
do not contain the flaw-relevant functionality yet).
This issue affects the versions of Thunar package, as scheduled
to appear in Fedora release of 15 (Thunar-1.2.1-5.fc15) and
as present in Rawhide (Thunar-1.3.0-3.fc16). Please schedule
an update of those.
Working on that.
(In reply to comment #1)
> This issue affects the versions of Thunar package, as scheduled
> to appear in Fedora release of 15 (Thunar-1.2.1-5.fc15)
This is not correct; as written in the first mail, the fix is already in 1.2.1. It's also mentioned in /usr/share/doc/Thunar-1.2.1/NEWS:
- Paste files in correct order (bug #6504).
- Fix truncated strings when loading and storing emblems (bug #7171).
- Only erase top-level items from trash (bug #7147).
- Don't interpret file display names as format strings (bug #7128).
> and as present in Rawhide (Thunar-1.3.0-3.fc16). Please schedule
> an update of those.
Fixed in http://koji.fedoraproject.org/koji/taskinfo?taskID=3014396
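The flaw class discussed in this report, shown as an added C example (not Thunar's code and not part of the original thread): a file display name used as the format argument, next to the same call with a constant format and the name passed as data. The function names, the "Copying" message text and the sample file name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration; function names are hypothetical, not Thunar's. */

#if 0
/* Flawed pattern (kept out of the build): the display name is the format
 * argument, so "100%s.txt" makes snprintf fetch arguments never passed. */
static int title_flawed(char *out, size_t n, const char *name)
{
    return snprintf(out, n, name);    /* -Wformat-security reports this */
}
#endif

/* Fixed pattern: constant format string, display name passed as data. */
int title_fixed(char *out, size_t n, const char *name)
{
    return snprintf(out, n, "Copying \"%s\"", name);
}

/* For a name that must be spliced into text later used as a format:
 * double every '%' so it prints literally. Returns 0 on success, or
 * -1 if the buffer is too small (output is then left empty). */
int escape_percent(char *out, size_t n, const char *name)
{
    size_t o = 0;
    if (n == 0)
        return -1;
    for (; *name != '\0'; name++) {
        size_t need = (*name == '%') ? 2 : 1;
        if (o + need >= n) {          /* keep room for the terminator */
            out[0] = '\0';
            return -1;
        }
        if (*name == '%')
            out[o++] = '%';
        out[o++] = *name;
    }
    out[o] = '\0';
    return 0;
}

int main(void)
{
    char esc[64], msg[128];
    const char *name = "100%s-%x.txt";   /* constructed sample file name */
    title_fixed(msg, sizeof msg, name);
    puts(msg);
    if (escape_percent(esc, sizeof esc, name) == 0)
        puts(esc);
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC report calls of the flawed shape, where a non-literal string is the only format argument.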