CVE-2011-1588

7.8 HIGH

📋 TL;DR

Thunar file manager versions before 1.3.1 contain a format string vulnerability in their copy/paste handling: a file name is passed where a printf-style format string is expected, so any %-directive in the name is interpreted. An attacker who can place a file with a crafted name on the victim's system (in an archive, a download, or a shared folder) and get the user to copy and paste it can crash Thunar or, with a %n directive, potentially execute arbitrary code with that user's privileges. Users of Thunar on Linux systems are affected.
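The mechanism behind this class of bug, as an added example written for this page rather than code taken from Thunar: a helper renders a message about the pasted file, and the vulnerable version hands the file name in as the format string itself, while the hardened version passes a literal "%s" format and the name as an argument. The example is built on plain libc vsnprintf so it runs stand-alone; where exactly Thunar's own call sits, and whether it goes through GLib's g_strdup_printf family, is not established by this page, but GLib's printf wrappers interpret directives the same way. The file names are constructed samples.

```c
/* Added example for CVE-2011-1588's bug class (not Thunar's own code). */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* A tiny printf-style helper without a format attribute, so the compiler
 * cannot warn about the call site that passes attacker data as the format. */
static void render(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: the file name *is* the format string. Every
 * directive in it is interpreted: %x/%p leak stack words, %s reads
 * through a garbage pointer (crash), %n writes to memory. */
void describe_paste_unsafe(char *out, size_t n, const char *filename)
{
    render(out, n, filename);
}

/* Hardened pattern: the format is a literal and the file name is an
 * argument, so the same name is copied verbatim whatever it contains. */
void describe_paste_safe(char *out, size_t n, const char *filename)
{
    render(out, n, "%s", filename);
}

/* Returns 1 if a name contains a '%' that printf would treat as a
 * directive ("%%" is a literal percent and is skipped). Useful for
 * triage of suspicious names, not a substitute for the fix above. */
int name_has_format_directive(const char *name)
{
    for (const char *p = strchr(name, '%'); p; p = strchr(p + 1, '%')) {
        if (p[1] == '%') { p++; continue; }   /* escaped "%%" */
        return 1;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample names; the second resembles what a crash PoC uses
     * (only %x is used here so the demo does not dereference a pointer). */
    const char *benign  = "quarterly report.txt";
    const char *hostile = "report %08x%08x%08x.txt";
    char buf[256];

    describe_paste_unsafe(buf, sizeof buf, hostile);
    printf("unsafe: %s\n", buf);     /* hex words read off the stack */
    describe_paste_safe(buf, sizeof buf, hostile);
    printf("safe:   %s\n", buf);     /* the name, verbatim */
    printf("flagged: benign=%d hostile=%d\n",
           name_has_format_directive(benign),
           name_has_format_directive(hostile));
    return 0;
}
```

Compile with -Wformat -Wformat-security to see why the wrapper matters: gcc only flags non-literal formats at direct printf-family calls, so a project-local helper like render() hides the pattern from the compiler unless it carries __attribute__((format(printf, 3, 4))).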

💻 Affected Systems

Products:
  • Thunar file manager
Versions: All versions before 1.3.1
Operating Systems: Linux distributions with Xfce desktop environment
Default Config Vulnerable: ⚠️ Yes
Notes: Only the copy/paste code path is affected, and only when the pasted file's name contains printf-style directives such as %s, %x or %n; a literal %% in a name is harmless.

📦 What is this software?

Thunar is the default file manager of the Xfce desktop environment. It is a GTK application that handles directory browsing, drag-and-drop, and the copy/cut/paste of files, which is the code path this advisory concerns.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with user privileges if format string exploitation leads to arbitrary code execution.

🟠

Likely Case

Application crash (denial of service) when processing specially crafted file names.

🟢

If Mitigated

No impact if patched version is used or workarounds prevent exploitation.

🌐 Internet-Facing: LOW - Requires user interaction with malicious file names, not directly network exploitable.
🏢 Internal Only: MEDIUM - Internal users could craft malicious file names to crash Thunar on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires a user action (copying and pasting the crafted file). The public proof of concept demonstrates a crash, not code execution; turning the bug into code execution additionally needs a %n write to a useful address, which is harder on distribution builds that use FORTIFY_SOURCE (glibc aborts on %n in a format string stored in writable memory) and full RELRO.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Thunar 1.3.1 and later

Vendor Advisory: http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00008.html

Restart Required: No system reboot, but running Thunar instances (including the background instance started with thunar --daemon) keep the old binary until they are closed and restarted.

Instructions:

1. Update Thunar to version 1.3.1 or later, or to your distribution's patched build, using the package manager.
2. Fedora, and Red Hat/CentOS with EPEL: yum update thunar
3. Debian/Ubuntu: apt-get update && apt-get install thunar
4. Quit the running instance so the new binary is loaded: thunar -q
5. Verify the version after the update (see How to Verify below).

🔧 Temporary Workarounds

Avoid suspicious file operations

linux

Instruct users not to copy/paste file names from untrusted sources

Use alternative file manager

linux

Temporarily use Nautilus, Dolphin, or other file managers until patched

🧯 If You Can't Patch

  • Restrict user access to Thunar for untrusted users
  • Implement application whitelisting to prevent Thunar execution

🔍 How to Verify

Check if Vulnerable:

Print the running version; the first line of the output reads "Thunar X.Y.Z (Xfce ...)", and the word "version" does not appear, so grepping for it returns nothing: thunar --version | head -n1

Check Version:

thunar --version | head -n1

Package manager view, which also shows the distribution's own release suffix: dpkg-query -W -f='${Version}\n' thunar (Debian/Ubuntu) or rpm -q thunar (Fedora/EPEL)

Verify Fix Applied:

Verify the version is 1.3.1 or higher: thunar --version | head -n1

Distributions often backport the fix without changing the upstream version number, so a lower version is not proof of exposure; check the package changelog for the CVE ID instead: zcat /usr/share/doc/thunar/changelog.Debian.gz | grep CVE-2011-1588 (Debian/Ubuntu) or rpm -q --changelog thunar | grep CVE-2011-1588 (Fedora/EPEL).

📡 Detection & Monitoring

Log Indicators:

  • Thunar crash entries in the journal or syslog, typically a kernel line of the form "thunar[PID]: segfault at ADDR ip ... sp ... error N in ..." (journalctl -k | grep thunar)
  • Core dumps or crash reports for the thunar binary (coredumpctl list thunar on systemd systems)
  • Because a %s or %n directive fails inside libc's printf implementation, the faulting address in such a line usually falls in libc rather than in the Thunar binary itself; unrelated Thunar crashes will match the same query, so look for a cluster tied to one shared folder or archive

Network Indicators:

  • No network indicators - local exploitation only

SIEM Query:

process_name:"thunar" AND (event_type:"crash" OR error:"segmentation fault")
