CVE-2010-2809
published 2010-08-19CVE-2010-2809: The default configuration of the binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers…
PriorityP345medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
7.37%
93.6th percentile
The default configuration of the binding in Uzbl before 2010.08.05 does not properly use the @SELECTED_URI feature, which allows user-assisted remote attackers to execute arbitrary commands via a crafted HREF attribute of an A element in an HTML document.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uzbl | uzbl | <= 2010.04.03 | — |
| uzbl | uzbl | — | — |
| uzbl | uzbl | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2010-2809 uzbl: malicious code execution via unsanitized @SELECTED_URI
bugzilla·2010-08-06·CVSS 6.8
CVE-2010-2809 [MEDIUM] CVE-2010-2809 uzbl: malicious code execution via unsanitized @SELECTED_URI
CVE-2010-2809 uzbl: malicious code execution via unsanitized @SELECTED_URI
Quoting the upstream news advisory [1]:
"The 2010.08.05 release comes with a patched config file. With shell code
in hyperlinks on a page, one of the sample (uzbl-core) resp. default
(uzbl-browser) button bindings (binding for mousebutton2) would execute
this code.
Note that just upgrading your uzbl is not enough. If you have an existing
config, the change will not be automatically applied. So be sure you have
this change in your config."
And an associated bug report [2] exists as well. There is no patch noted in the bug report.
This would affect all versions of Fedora.
[1] http://www.uzbl.org/news.php?id=29
[2] http://www.uzbl.org/bugs/index.php?do=details&task_id=240
Discussion:
Created uzbl tracking bugs
Bugzilla
CVE-2010-2809 uzbl: malicious code execution via unsanitized @SELECTED_URI [fedora-all]
bugzilla·2010-08-06·CVSS 6.8
CVE-2010-2809 [MEDIUM] CVE-2010-2809 uzbl: malicious code execution via unsanitized @SELECTED_URI [fedora-all]
CVE-2010-2809 uzbl: malicious code execution via unsanitized @SELECTED_URI [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include the bug IDs of the
respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available.
Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=621964
Please note: this issue aff
http://github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975http://github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2http://marc.info/?l=oss-security&m=128111493509265&w=2http://marc.info/?l=oss-security&m=128111994317381&w=2http://www.securityfocus.com/bid/42297http://www.uzbl.org/bugs/index.php?do=details&task_id=240http://www.uzbl.org/news.php?id=29https://bugzilla.redhat.com/show_bug.cgi?id=621964https://bugzilla.redhat.com/show_bug.cgi?id=621965https://exchange.xforce.ibmcloud.com/vulnerabilities/61011http://github.com/Dieterbe/uzbl/commit/9cc39cb5c9396be013b5dc2ba7e4b3eaa647e975http://github.com/pawelz/uzbl/commit/342f292c27973c9df5f631a38bd12f14a9c5cdc2http://marc.info/?l=oss-security&m=128111493509265&w=2http://marc.info/?l=oss-security&m=128111994317381&w=2http://www.securityfocus.com/bid/42297http://www.uzbl.org/bugs/index.php?do=details&task_id=240http://www.uzbl.org/news.php?id=29https://bugzilla.redhat.com/show_bug.cgi?id=621964https://bugzilla.redhat.com/show_bug.cgi?id=621965https://exchange.xforce.ibmcloud.com/vulnerabilities/61011
2010-08-19
Published