CVE-2019-11461

An issue was discovered in GNOME Nautilus 3.30 prior to 3.30.6 and 3.32 prior to 3.32.1. A compromised thumbnailer may escape the bubblewrap sandbox used to confine thumbnailers by using the TIOCSTI ioctl to push characters into the input buffer of the thumbnailer's controlling terminal, allowing an attacker to escape the sandbox if the thumbnailer has a controlling terminal. This is due to improper filtering of the TIOCSTI ioctl on 64-bit systems, similar to CVE-2019-10063.
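
The filtering gap described above, as an added illustration that is not code from Nautilus or the advisory. It assumes the filter compared the full 64-bit ioctl request argument with exact equality, and it models libseccomp's SCMP_CMP_EQ and SCMP_CMP_MASKED_EQ operators as plain C functions; all sample values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/ioctl.h>

#ifndef TIOCSTI
#define TIOCSTI 0x5412 /* fallback: Linux asm-generic value */
#endif

/* The kernel's ioctl entry point takes the request as an unsigned int,
 * so only the low 32 bits of the argument register select the ioctl. */
static uint32_t kernel_request(uint64_t arg1) { return (uint32_t)arg1; }

/* Model of an exact-equality rule (SCMP_CMP_EQ): seccomp compares the
 * whole 64-bit argument register against the constant. */
static bool rule_exact(uint64_t arg1) { return arg1 == (uint32_t)TIOCSTI; }

/* Model of a masked rule (SCMP_CMP_MASKED_EQ, mask 0xFFFFFFFF): only the
 * bits the kernel actually uses take part in the comparison. */
static bool rule_masked(uint64_t arg1)
{
    return (arg1 & 0xFFFFFFFFu) == (uint32_t)TIOCSTI;
}

/* Count values the kernel would treat as TIOCSTI but the rule would let
 * through; each one is a gap in the filter. */
static size_t filter_gaps(bool (*rule)(uint64_t), const uint64_t *v, size_t n)
{
    size_t gaps = 0;
    for (size_t i = 0; i < n; i++)
        if (kernel_request(v[i]) == (uint32_t)TIOCSTI && !rule(v[i]))
            gaps++;
    return gaps;
}

/* Constructed sample register values, not taken from any real trace. */
static const uint64_t samples[] = {
    (uint32_t)TIOCSTI,                                /* plain request */
    (UINT64_C(1) << 32) | (uint32_t)TIOCSTI,          /* one high bit set */
    UINT64_C(0xFFFFFFFF00000000) | (uint32_t)TIOCSTI, /* all high bits set */
    0x1234,                                           /* unrelated request */
};

int main(void)
{
    printf("exact rule gaps:  %zu\n", filter_gaps(rule_exact, samples, 4));
    printf("masked rule gaps: %zu\n", filter_gaps(rule_masked, samples, 4));
    return 0;
}
```

When auditing a seccomp policy, any rule that matches an ioctl request number with plain equality on a 64-bit target deserves the same check.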
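
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 7.8 HIGH | LOCAL | HIGH | LOW | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |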

EPSS Score percentile: 17%

| Vendor | Product | Version |
|---|---|---|
| gnome | nautilus | 3.30 ≤ 𝑥 < 3.30.6 |
| gnome | nautilus | 3.32 ≤ 𝑥 < 3.32.1 |

𝑥 = Vulnerable software versions
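
Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| nautilus | bullseye | 3.38.2-1+deb11u1 | fixed |
| nautilus | stretch | | not-affected |
| nautilus | jessie | | not-affected |
| nautilus | bookworm | 43.2-1 | fixed |
| nautilus | sid | 47.0-2 | fixed |
| nautilus | trixie | 47.0-2 | fixed |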
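
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| nautilus | disco | Fixed 1:3.32.1-0ubuntu0.19.04.0 | released |
| nautilus | cosmic | | not-affected |
| nautilus | bionic | | not-affected |
| nautilus | xenial | | not-affected |
| nautilus | trusty | | dne |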