PT-2019-3475 · Kde+5 · Kde Frameworks Kconfig+5

Dominik Penner

+1

·

Publicado

2019-07-28

·

Atualizado

2023-02-28

·

CVE-2019-14744

CVSS v3.1

7.8

Alta

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions KDE Frameworks KConfig versions prior to 5.61.0
Description The issue relates to the mishandling of .desktop and .directory files by libKF5ConfigCore.so, allowing code execution with minimal user interaction. This can be achieved by including a shell command on an Icon line in a .desktop file. The vulnerability is associated with insufficient input validation, which can be exploited by an attacker to gain unauthorized access to information, cause a denial of service, or impact the availability of information using malicious desktop files.
Recommendations For versions prior to 5.61.0, update to version 5.61.0 or later to resolve the issue. As a temporary workaround, consider restricting the use of .desktop and .directory files to minimize the risk of exploitation. Avoid using potentially malicious files until the issue is resolved.

Exploit

Correção

Command Injection

OS Command Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-77CWE-78

Identificadores relacionados

ALT-PU-2019-2412
ALT-PU-2019-2413
ALT-PU-2019-2470
ALT-PU-2019-2476
BDU:2019-03649
CESA-2019_2606
CVE-2019-14744
DLA-1890-1
DSA-4494-1
MGASA-2019-0278
MGASA-2019-0378
OESA-2021-1295
OPENSUSE-SU-2019:1851-1
OPENSUSE-SU-2019:1851-2
OPENSUSE-SU-2019:1855-1
OPENSUSE-SU-2019:1898-1
OPENSUSE-SU-2019_1851-1
OPENSUSE-SU-2024:10889-1
RHSA-2019:2606
RHSA-2019_2606
RHSA-2020:2833
USN-4100-1

Produtos afetados

Alt Linux
Centos
Kde Frameworks Kconfig
Red Hat
Suse
Ubuntu