PT-2008-1120 · Xdg-Utils · Xdg-Utils

Published: 2008-01-30 · Updated: 2024-06-15 · CVE-2008-0386

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Xdg-utils versions 1.0.2 and earlier

Description

The issue allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely.

Recommendations

For versions 1.0.2 and earlier, consider disabling the xdg-open and xdg-email functions until a patch is available to prevent the execution of arbitrary commands via shell metacharacters in URL arguments.

Exploit · Fix · RCE

Weakness Enumeration

Related Identifiers

BDU:2015-09624
CVE-2008-0386
OPENSUSE-SU-2024:11518-1

Affected Products

Xdg-Utils