VULHUB ™

When copying files from one directory to another, Nautilus creates a small XML file with the filename '.nautilus-metafile.xml' in the target directory. When writing this file, there are no checks to ensure that it does not already exist. Symbolic links will also be followed. Local attackers may exploit this behaviour to overwrite files belonging to other users if they can create a symbolic link in the target directory.

When copying files from one directory to another, Nautilus creates a small XML file with the filename '.nautilus-metafile.xml' in the target directory. When writing this file, there are no checks to ensure that it does not already exist. Symbolic links will also be followed. Local attackers may exploit this behaviour to overwrite files belonging to other users if they can create a symbolic link in the target directory.