Описание
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.
A flaw was found in Konsole. The application's handling of URLs using scheme handlers like ssh://, telnet://, or rlogin:// allows a remote attacker to trigger arbitrary code execution. This issue occurs when a user opens a specially crafted URL, bypassing authentication checks. Consequently, a malicious URL can be used to execute commands on the system.
Отчет
This vulnerability was rated as an IMPORTANT vulnerability because the Konsole's handling of URLs containing scheme handlers such as ssh://, telnet://, or rlogin://. When a user opens a specially crafted URL, Konsole automatically processes the scheme without adequate validation or authentication enforcement. This behavior allows a remote attacker to craft malicious URLs that can trigger arbitrary command execution on the user’s system, resulting in a severe compromise of system confidentiality, integrity, and availability.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | konsole | Affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
8.3 High
CVSS3
Связанные уязвимости
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.
KDE Konsole before 25.04.2 allows remote code execution in a certain s ...
KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code path where if that binary is not available, Konsole falls back to using /bin/bash for the given arguments (i.e., the URL) provided. This allows an attacker to execute arbitrary code.
Уязвимость эмулятора терминала Konsole среды рабочего стола KDE, позволяющая нарушителю выполнить произвольный код
8.3 High
CVSS3