what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2019-14744

Status Candidate

Overview

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.

Related Files

Red Hat Security Advisory 2020-2833-01
Posted Jul 7, 2020
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2020-2833-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-14744
SHA-256 | cfe2f776112741a228438beaae6abbb11c05570959579901ea81fc916f2d8906
Red Hat Security Advisory 2019-2606-01
Posted Sep 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2606-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-14744
SHA-256 | 02b63b8a2f7fb8a8aad16a025ce384a5871d50f08e63d4bc9589b940af7f2df9
Ubuntu Security Notice USN-4100-1
Posted Aug 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4100-1 - It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6232, CVE-2019-14744
SHA-256 | 94d50b13c51638daf9db02d19ba31bdcae667c02371857be73dd9cdd16b2bfb4
Gentoo Linux Security Advisory 201908-07
Posted Aug 15, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201908-7 - A vulnerability has been found in KDE KConfig that could allow a remote attacker to execute arbitrary code. Versions less than 5.60.0-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2019-14744
SHA-256 | 756b1d5aebf9181f115da61fc0570235d2b4b76cbc6323f489ba8caf46b8d6c0
Debian Security Advisory 4494-1
Posted Aug 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4494-1 - Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets opened in a file browser) arbitrary commands could get executed. This update removes this feature.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2019-14744
SHA-256 | cffdf8b2f8be70b1d490457cf9c87e48056edad5fc1ecd56c620082e3c680957
Slackware Security Advisory - kdelibs Updates
Posted Aug 8, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kdelibs packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-14744
SHA-256 | 04bdc9d7b65ab63d35b69b934b1ca950c4ad2e98b980fef98a3dc3026cbb85ce
Page 1 of 1
Back1Next

File Archive:

July 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    27 Files
  • 2
    Jul 2nd
    10 Files
  • 3
    Jul 3rd
    35 Files
  • 4
    Jul 4th
    27 Files
  • 5
    Jul 5th
    18 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    28 Files
  • 9
    Jul 9th
    44 Files
  • 10
    Jul 10th
    24 Files
  • 11
    Jul 11th
    25 Files
  • 12
    Jul 12th
    11 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    28 Files
  • 16
    Jul 16th
    6 Files
  • 17
    Jul 17th
    34 Files
  • 18
    Jul 18th
    6 Files
  • 19
    Jul 19th
    34 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close