Remote Command Execution Vulnerability in Xdg-utils by Freedesktop
CVE-2008-0386

Currently unrated

Key Information:

Vendor: Gentoo

Status
Vendor
CVE Published: 4 February 2008

What is CVE-2008-0386?

Xdg-utils versions 1.0.2 and earlier allow remote attackers to execute arbitrary commands through crafted URLs. When a URL containing shell metacharacters is passed to utilities such as xdg-open and xdg-email, those metacharacters are interpreted by the shell, leading to unauthorized command execution that could compromise user systems. The vulnerability underscores the need for careful input validation when parsing URLs.

Timeline

  • Vulnerability published

  • Vulnerability Reserved