[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

243238

 
 

909

 
 

192833

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CCE
view XML

CCE-90838-4

Platform: rhel7Date: (C)2017-06-29   (M)2022-10-10



Disable All GNOME3 Thumbnailers The system's default desktop environment, GNOME3, uses a number of different thumbnailer programs to generate thumbnails for any new or modified content in an opened folder. To disable the execution of these thumbnail applications, the 'disable-all' setting must be set under an appropriate configuration file(s) in the '/etc/dconf/db/local.d' directory and locked in '/etc/dconf/db/local.d/locks' directory to prevent user modification. After the settings have been set, run 'dconf update'. This effectively prevents an attacker from gaining access to Asystem through a flaw in GNOME3's Nautilus thumbnail creators.


Parameter:


Technical Mechanism:

An attacker with knowledge of a flaw in a GNOME3 thumbnailer application could craft a malicious file to exploit this flaw. Assuming the attacker could place the malicious file on the local filesystem (via a web upload for example) and assuming a user browses the same location using Nautilus, the malicious file would exploit the thumbnailer with the potential for malicious code execution. It is best to disable these thumbnailer applications unless they are explicitly required. Fix: No Remediation Info

CCSS Severity:CCSS Metrics:
CCSS Score : Attack Vector:
Exploit Score: Attack Complexity:
Impact Score: Privileges Required:
Severity: User Interaction:
Vector: Scope:
 Confidentiality:
 Integrity:
 Availability:
  

References:
Resource IdReference


XCCDF    1

© SecPod Technologies