Описание
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needs-triage] |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was needs-triage |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 4:5.10.5-0ubuntu1.1 |
| bionic | not-affected | 4:5.12.1-0ubuntu1 |
| cosmic | not-affected | 4:5.12.1-0ubuntu1 |
| devel | not-affected | 4:5.12.1-0ubuntu1 |
| disco | not-affected | 4:5.12.1-0ubuntu1 |
| esm-apps/bionic | not-affected | 4:5.12.1-0ubuntu1 |
| esm-apps/xenial | released | 4:5.5.5.2-0ubuntu1.1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | DNE |
Показывать по
Ссылки на источники
7.2 High
CVSS2
6.8 Medium
CVSS3
Связанные уязвимости
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KD ...
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
7.2 High
CVSS2
6.8 Medium
CVSS3