Debian Security Advisory DSA 3131-1 (xdg-utils - Security Update) Network Vulnerability

Summary

John Houwer discovered a way to cause xdg-open, a tool that automatically opens URLs in a user's preferred application, to execute arbitrary commands remotely.

Solution

For the stable distribution (wheezy), this problem has been fixed in version 1.1.0~rc1+git20111210-6+deb7u2. For the upcoming stable (jessie) and unstable (sid) distributions, this problem has been fixed in version 1.1.0~rc1+git20111210-7.3. We recommend that you upgrade your xdg-utils packages.

Insight

xdg-utils contains utilities for integrating applications with the desktop environment, regardless of which desktop environment is used. They are part of freedesktop.org's Portland project.

Affected

xdg-utils on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2015/dsa-3131.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2014-9622

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 025-1 (openssh)
Debian Security Advisory DSA 035-1 (man2html)
Debian Security Advisory DSA 1075-1 (awstats)
Debian Security Advisory DSA 1073-1 (mysql-dfsg-4.1)
Debian Security Advisory DSA 103-1 (glibc)

Debian Security Advisory DSA 3131-1 (xdg-utils - security update)

Take action and discover your vulnerabilities