sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a --proxy-pac-file argument.

sensible-browser in sensible-utils before 0.0.11 does not validate strings before launching the program specified by the BROWSER environment variable, which allows remote attackers to conduct argument-injection attacks via a crafted URL, as demonstrated by a
--proxy-pac-file argument.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3584-1 advisory.

    Gabriel Corona discovered that sensible-utils incorrectly validated strings when launcher a browser with     the sensible-browser tool. A remote attacker could possibly use this issue with a specially crafted URL to     conduct an argument injection attack and execute arbitrary code.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Update to version 0.0.11, see http://metadata.ftp-master.debian.org/changelogs/main/s/sensible-utils /sensible-utils_0.0.11_changelog for details.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Gabriel Corona reported that sensible-browser from sensible-utils, a collection of small utilities used to sensibly select and spawn an appropriate browser, editor or pager, does not validate strings before launching the program specified by the BROWSER environment variable, potentially allowing a remote attacker to conduct argument-injection attacks if a user is tricked into processing a specially crafted URL.

It was discovered that there was a vulnerability in sensible-browser, a utility to start the most suitable web browser based on your environment or configuration.

Remote attackers could conduct argument-injection attacks via specially- crafted URIs.

For Debian 7 'Wheezy', this issue has been fixed in sensible-utils version 0.0.7+deb7u1.

We recommend that you upgrade your sensible-utils packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
504303	Siemens SIMATIC S7-1500 Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2017-17512)	Tenable OT Security	Tenable.ot	high
107023	Ubuntu 14.04 LTS / 16.04 LTS : sensible-utils vulnerability (USN-3584-1)	Nessus	Ubuntu Local Security Checks	high
105847	Fedora 27 : sensible-utils (2017-2fab3f12c4)	Nessus	Fedora Local Security Checks	high
105475	Fedora 26 : sensible-utils (2017-80c6b4d3be)	Nessus	Fedora Local Security Checks	high
105431	Debian DSA-4071-1 : sensible-utils - security update	Nessus	Debian Local Security Checks	high
105327	Debian DLA-1209-1 : sensible-utils security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2017-17512

high

Tenable Plugins

high

high

high

high

high

high