CVE-2015-1877

Name of the Vulnerable Software and Affected Versions xdg-utils version 1.1.0 rc1

Description The issue is related to the open generic xdg mime function in xdg-open, which does not properly handle local variables when using dash. This allows remote attackers to execute arbitrary commands via a crafted file. The exploitation of this issue may also allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service.

Recommendations For xdg-utils version 1.1.0 rc1, consider disabling the open generic xdg mime function as a temporary workaround until a patch is available. Restrict access to the xdg-open component to minimize the risk of exploitation. Avoid using the xdg-open tool with dash until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.