CVE-2008-0386 - Secunia Advisories - Vulnerability Intelligence

CVE Reference: CVE-2008-0386
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-0386

Description: Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.

CVE Status: Candidate

References: SUSE http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html ST 1019284 SAID Secunia Advisory: SA28638 Secunia Advisory: SA28728 Secunia Advisory: SA29048 MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:031 GENTOO http://security.gentoo.org/glsa/glsa-200801-21.xml CONFIRM http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?view=log http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?r1=1.32&r2=1.33 http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open.in?r1=1.17&r2=1.18 http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email?r1=1.36&r2=1.37 http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?view=log http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?r1=1.24&r2=1.25 http://bugs.gentoo.org/show_bug.cgi?id=207331 BID 27528

Return to the previous page.