Описание
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| kde-cli-tools | fixed | 4:5.8.0-1 | package | |
| kde-runtime | fixed | 4:16.08.3-2 | package | |
| kde-runtime | no-dsa | jessie | package | |
| kde-runtime | not-affected | wheezy | package | |
| kdesudo | removed | package | ||
| kdesudo | no-dsa | stretch | package | |
| kdesudo | no-dsa | jessie | package | |
| kdesudo | not-affected | wheezy | package |
Примечания
https://www.kde.org/info/security/advisory-20160930-1.txt
https://github.com/KDE/kde-cli-tools/commit/5eda179a099ba68a20dc21dc0da63e85a565a171
For kde-cli-tools fixed in 5.7.5 upstream
kde-runtime's affected binary is /usr/lib/kde4/libexec/kdesu-distrib/kdesu
kdesudo's affected binary is /usr/bin/kdesudo
Связанные уязвимости
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.