6.8

CVE-2008-0386

Exploit
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GentooXdg-utils Version <= 1.0.2
   MandrakesoftMandrake Linux Version2007.1
   MandrakesoftMandrake Linux Version2007.1 Editionx86_64
   MandrakesoftMandrake Linux Version2008.0
   MandrakesoftMandrake Linux Version2008.0 Editionx86_64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.17% 0.864
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html
Third Party Advisory
http://secunia.com/advisories/29048
URL Repurposed
http://bugs.gentoo.org/show_bug.cgi?id=207331
Exploit
http://secunia.com/advisories/28638
Vendor Advisory
http://secunia.com/advisories/28728
Vendor Advisory
http://security.gentoo.org/glsa/glsa-200801-21.xml
Third Party Advisory
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?r1=1.24&r2=1.25
Exploit
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?view=log
Exploit
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email?r1=1.36&r2=1.37
Exploit
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open.in?r1=1.17&r2=1.18
Exploit
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?r1=1.32&r2=1.33
Exploit
http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?view=log
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2008:031
Third Party Advisory
http://www.securityfocus.com/bid/27528
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1019284
Third Party Advisory
VDB Entry
http://www.vupen.com/english/advisories/2008/0342
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=429513
Issue Tracking