CCE-90838-4 | Platform: rhel7 | Date: (C)2017-06-29 (M)2022-10-10
Disable All GNOME3 Thumbnailers
The system's default desktop environment, GNOME3, uses
a number of different thumbnailer programs to generate thumbnails
for any new or modified content in an opened folder. To disable the
execution of these thumbnail applications, the 'disable-all' setting must be set
in an appropriate configuration file in the '/etc/dconf/db/local.d' directory
and locked in the '/etc/dconf/db/local.d/locks' directory to prevent user modification.
After the settings have been set, run 'dconf update'.
This effectively prevents an attacker from gaining access to
a system through a flaw in GNOME3's Nautilus thumbnail creators.
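One way to audit the setting and lock described above, as an added example that is not part of the original CCE entry. It assumes the 'disable-all' key lives in the `org/gnome/desktop/thumbnailers` section of a dconf keyfile; the file names in the sample tree are arbitrary and constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a dconf database directory for the thumbnailer
# setting and its lock. Keyfile and lock file names are arbitrary.

# check_thumbnailers_disabled [DIR]
# Returns 0 if set and locked, 1 if the setting is missing, 2 if the lock is missing.
check_thumbnailers_disabled() {
    db_dir="${1:-/etc/dconf/db/local.d}"
    have_setting=no
    for f in "$db_dir"/*; do
        [ -f "$f" ] || continue        # skips the locks/ subdirectory
        # Track the current [section] so a disable-all key that belongs
        # to some other schema is not counted.
        if awk '
            /^[ \t]*\[/ {
                in_sec = ($0 ~ /^[ \t]*\[org\/gnome\/desktop\/thumbnailers\][ \t]*$/)
                next
            }
            in_sec && /^[ \t]*disable-all[ \t]*=[ \t]*true[ \t]*$/ { ok = 1 }
            END { exit !ok }' "$f"; then
            have_setting=yes
        fi
    done
    [ "$have_setting" = yes ] || return 1
    # Lock files list one absolute key path per line.
    grep -rqsxF '/org/gnome/desktop/thumbnailers/disable-all' "$db_dir/locks" || return 2
    return 0
}

# Constructed sample tree (not taken from a real host): setting and lock present.
# Prints the path of the temporary directory it creates.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/locks"
    printf '[org/gnome/desktop/thumbnailers]\ndisable-all=true\n' > "$t/00-security-settings"
    printf '/org/gnome/desktop/thumbnailers/disable-all\n' > "$t/locks/00-security-settings-lock"
    printf '%s\n' "$t"
}
```

The check reads the keyfiles only; it does not confirm that 'dconf update' was run after they were written.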
Parameter:
Technical Mechanism:
An attacker with knowledge of a flaw in a GNOME3 thumbnailer application could craft a malicious
file to exploit this flaw. Assuming the attacker could place the malicious file on the local filesystem
(via a web upload for example) and assuming a user browses the same location using Nautilus, the
malicious file would exploit the thumbnailer with the potential for malicious code execution. It
is best to disable these thumbnailer applications unless they are explicitly required.
Fix:
No Remediation Info