2019
07.02

This Metasploit module exploits a vulnerability within the “ghelp”, “help” and “man” URI handlers within Linux Mint’s “ubuntu-system-adjustments” package. Invoking any one the URI handlers will call the python script “/usr/local/bin/yelp” with the contents of the supplied URI handler as its argument. The script will then search for the strings “gnome-help” or “ubuntu-help” and if doesn’t find either of them it’ll then execute os.system(“/usr/bin/yelp %s” % args). User interaction is required to exploit this vulnerability. Versions 18.3 through 19.1 are affected.

No Comment.

Add Your Comment

You must be logged in to post a comment.