Command execution in Xdg-Utils



Published: 2018-05-16
Risk Low
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2017-18266
CWE-ID CWE-88
Exploitation vector Network
Public exploit Public exploit code for vulnerability #1 is available.
Vulnerable software
Subscribe 		Xdg-Utils
Universal components / Libraries / Libraries used by multiple products

Vendor Freedesktop.org

Security Bulletin

This security bulletin contains one low risk vulnerability.

1) Argument injection attack

EUVDB-ID: #VU12746

Risk: Low

CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-18266

CWE-ID: CWE-88 - Argument Injection or Modification

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated attacker to conduct argument injection attack on the target system.

The weakness exists in the open_envvar function in the xdg-open component due to improper validation of user-supplied input. A remote attacker can trick the victim into following a specially crafted link that is designed to modify the BROWSER environment variable, conduct argument-injection attack, redirect the user's browser traffic to an attacker-controlled site and execute arbitrary commands.

Mitigation

Update to version 1.1.3.

Vulnerable software versions

Xdg-Utils: 1.0 - 1.1.2

External links

http://cgit.freedesktop.org/xdg/xdg-utils/tree/ChangeLog


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.



###SIDEBAR###