Security News > 2023 > October > GNOME Linux systems exposed to RCE attacks via file downloads
A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on Linux systems running the GNOME desktop environment.
Libcue, a library designed for parsing cue sheet files, is integrated into the Tracker Miners file metadata indexer, which is included by default in the latest GNOME versions.
GNOME is a widely used desktop environment across various Linux distributions such as Debian, Ubuntu, Fedora, Red Hat Enterprise, and SUSE Linux Enterprise.
Attackers can successfully exploit the flaw in question to execute malicious code by taking advantage of Tracker Miners automatically indexing all downloaded files to update the search index on GNOME Linux devices.
While successful exploitation of CVE-2023-43641 requires tricking a potential victim into downloading a.cue file, admins are advised to patch systems and mitigate the risks posed by this security flaw, as it provides code execution on devices running the latest releases of widely used Linux distros, including Debian, Fedora, and Ubuntu.
Backhouse has found other severe Linux security flaws in recent years, including a privilege escalation bug in the GNOME Display Manager and an authentication bypass in the polkit auth system service installed by default on many modern Linux platforms.
News URL
Related news
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- New 'Helldown' Ransomware Variant Expands Attacks to VMware and Linux Systems (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-09 | CVE-2023-43641 | libcue provides an API for parsing and extracting data from CUE sheets. | 8.8 |