PT-2022-9411 · Guake+2

Junorouse · Published 2022-02-07 · Updated 2022-03-23 · CVE-2021-23556

CVSS v3.1: 8.0 High
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: guake versions prior to 3.8.5
Description: The issue is related to the exposure of the execute command and execute command by uuid methods via the D-Bus interface, which allows a malicious user to run an arbitrary command. Exploitation requires the user to have installed another malicious program that can send D-Bus signals or run terminal commands.
Recommendations: For versions prior to 3.8.5, update to version 3.8.5 or later to resolve the issue. As a temporary workaround, consider disabling the execute command and execute command by uuid methods via the D-Bus interface until a patch is available.


Related Identifiers

ALT-PU-2022-1224
CVE-2021-23556
GHSA-7X48-7466-3G33
PYSEC-2022-165
SNYK-PYTHON-GUAKE-2386334

Affected Products

Alt Linux
Debian
Guake