PT-2008-1120 · Xdg-Utils · Xdg-Utils
Published 2008-01-30 · Updated 2024-06-15 · CVE-2008-0386
CVSS v2.0: 6.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Xdg-utils versions 1.0.2 and earlier
Description
The issue allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely.
Recommendations
For versions 1.0.2 and earlier, consider disabling the xdg-open and xdg-email functions until a patch is available to prevent the execution of arbitrary commands via shell metacharacters in URL arguments.
Exploit
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Xdg-Utils
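The description attributes the issue to shell metacharacters in the URL argument of xdg-open and xdg-email. The following is an added example, not code from this advisory or from the xdg-utils project: a caller-side guard that a script could apply before handing an untrusted URL to xdg-open on an affected version. The function names, the scheme allowlist and the permitted character set are assumptions of this example.

```shell
#!/bin/sh
# Added example: validate an untrusted URL before it reaches xdg-open.
# Policy (assumed for this example): allow only http, https and mailto,
# and only characters with no special meaning to a shell. URLs that carry
# '&', ';', '$', quotes, backticks, spaces and similar are refused.

# url_is_safe URL -> exit status 0 if URL passes the policy, 1 otherwise.
url_is_safe() {
    url=$1
    # 1. Scheme allowlist; also rejects empty input and option-like
    #    arguments such as "--help".
    case $url in
        http://?*|https://?*|mailto:?*) ;;
        *) return 1 ;;
    esac
    # 2. Refuse any character outside the conservative set below.
    case $url in
        *[!A-Za-z0-9:/?#@%._~+=,-]*) return 1 ;;
    esac
    return 0
}

# safe_open URL -> opens URL only when it passes url_is_safe.
safe_open() {
    if url_is_safe "$1"; then
        # Always quoted, so the caller's own shell never re-parses it.
        xdg-open "$1"
    else
        printf 'refusing to open URL that fails validation\n' >&2
        return 1
    fi
}

# Constructed sample inputs (harmless markers, not taken from the advisory).
for sample in \
    'https://example.com/docs?page=2#top' \
    'mailto:user@example.com' \
    'http://example.com/a;echo marker' \
    'http://example.com/$(echo marker)'
do
    if url_is_safe "$sample"; then verdict=accept; else verdict=reject; fi
    printf '%s  %s\n' "$verdict" "$sample"
done
```

The guard reduces exposure in calling scripts only; it does not replace updating past version 1.0.2.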