An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_activated and _on_face_menuitem_activated. These icon files are written to the respective user's $HOME/.face location. If an unprivileged user prepares a symlink at that path pointing to an arbitrary location, then that location will be overwritten with the icon content.
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
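The defensive pattern a privileged writer needs here is to refuse to follow links at every path component it does not control. The Python below is an added example, not Cinnamon's code: it opens the user's home directory with O_NOFOLLOW and O_DIRECTORY, checks the directory owner against the expected uid, and then creates `.face` relative to that directory fd with O_NOFOLLOW, so a symlink planted at `$HOME/.face` (or a symlinked home directory) makes the write fail instead of redirecting it. The function name `write_icon_nofollow`, the `expected_uid` parameter and the `demo()` scenario with its temporary directory and constructed icon bytes are assumptions for illustration; only the `.face` destination comes from the advisory.

```python
import errno
import os
import stat
import tempfile
from typing import Optional

FACE_NAME = ".face"  # destination named in the advisory


def write_icon_nofollow(home_dir: str, data: bytes,
                        expected_uid: Optional[int] = None) -> bool:
    """Write data to <home_dir>/.face without following any symlink.

    Returns True on success and False when a link (or a directory with an
    unexpected owner) would have redirected the write. Hypothetical helper:
    this is a root-side mitigation, not code from the affected project.
    """
    # Step 1: open the home directory itself with O_NOFOLLOW so a symlinked
    # home cannot send us elsewhere; all later operations are relative to
    # this fd, which removes the path-component TOCTOU window.
    try:
        dir_fd = os.open(home_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        if exc.errno in (errno.ELOOP, errno.ENOTDIR):
            return False
        raise
    try:
        # Step 2: the directory must belong to the user whose icon we write.
        if expected_uid is not None and os.fstat(dir_fd).st_uid != expected_uid:
            return False

        # Step 3: reject anything at .face that is not a regular file
        # (symlink, FIFO, device). lstat never follows links.
        try:
            st = os.lstat(FACE_NAME, dir_fd=dir_fd)
            if not stat.S_ISREG(st.st_mode):
                return False
        except FileNotFoundError:
            pass  # nothing there yet; O_CREAT below will make it

        # Step 4: O_NOFOLLOW on the final component closes the race between
        # the lstat above and the open; the kernel returns ELOOP on a link.
        try:
            fd = os.open(FACE_NAME,
                         os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW,
                         0o644, dir_fd=dir_fd)
        except OSError as exc:
            if exc.errno == errno.ELOOP:
                return False
            raise
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return True
    finally:
        os.close(dir_fd)


def demo() -> dict:
    """Constructed scenario: a benign write, then a planted symlink.

    Runs entirely inside a temporary directory as the current user; the
    'target' file stands in for whatever the link would point at.
    """
    base = tempfile.mkdtemp(prefix="face-demo-")
    home = os.path.join(base, "home")
    os.mkdir(home)
    icon = b"\x89PNG constructed icon bytes"
    uid = os.getuid()

    # Benign case: no link present, the icon lands in $HOME/.face.
    benign_ok = write_icon_nofollow(home, icon, expected_uid=uid)
    with open(os.path.join(home, FACE_NAME), "rb") as fh:
        benign_content = fh.read()
    os.remove(os.path.join(home, FACE_NAME))

    # Planted link: .face now points at an unrelated file.
    target = os.path.join(base, "target")
    with open(target, "wb") as fh:
        fh.write(b"original")
    os.symlink(target, os.path.join(home, FACE_NAME))
    link_ok = write_icon_nofollow(home, icon, expected_uid=uid)
    with open(target, "rb") as fh:
        target_content = fh.read()

    return {
        "benign_ok": benign_ok,
        "benign_content": benign_content,
        "link_blocked": not link_ok,
        "target_untouched": target_content == b"original",
    }


if __name__ == "__main__":
    print(demo())
```

The same two-stage approach (directory fd with O_NOFOLLOW, then a relative open with O_NOFOLLOW) generalises to any file a privileged process writes under a path an unprivileged user controls; dropping privileges to the target user before the write is a complementary mitigation, since then the link cannot reach anything the user could not already overwrite.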
Name | Vendor | Start Version | End Version |
---|---|---|---|
Debian_linux | Debian | 8.0 (including) | 8.0 (including) |
Cinnamon | Ubuntu | artful | * |
Cinnamon | Ubuntu | bionic | * |
Cinnamon | Ubuntu | cosmic | * |
Cinnamon | Ubuntu | esm-apps/bionic | * |
Cinnamon | Ubuntu | esm-apps/xenial | * |
Cinnamon | Ubuntu | upstream | * |
Cinnamon | Ubuntu | xenial | * |