exploit the possibilities
Showing 1 - 5 of 5 RSS Feed

CVE-2019-14744

Status Candidate

Overview

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.

Related Files

Red Hat Security Advisory 2019-2606-01
Posted Sep 3, 2019
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2019-2606-01 - The K Desktop Environment is a graphical desktop environment for the X Window System. The kdelibs packages include core libraries for the K Desktop Environment. Issues addressed include a code execution vulnerability.

tags | advisory, code execution
systems | linux, redhat
advisories | CVE-2019-14744
MD5 | c0fd7cd4644ee70416a85a3645541475
Ubuntu Security Notice USN-4100-1
Posted Aug 19, 2019
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4100-1 - It was discovered that KConfig and KDE libraries have a vulnerability where an attacker could hide malicious code under desktop and configuration files. It was discovered that KConfig allows remote attackers to write to arbitrary files via a ../ in a filename in an archive file.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2016-6232, CVE-2019-14744
MD5 | 42453f106831005a5f6dc076ddf90ffe
Gentoo Linux Security Advisory 201908-07
Posted Aug 15, 2019
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201908-7 - A vulnerability has been found in KDE KConfig that could allow a remote attacker to execute arbitrary code. Versions less than 5.60.0-r1 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2019-14744
MD5 | 55eae714ef655caf6d6c144ad8fd2b01
Debian Security Advisory 4494-1
Posted Aug 12, 2019
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4494-1 - Dominik Penner discovered that KConfig, the KDE configuration settings framework, supported a feature to define shell command execution in .desktop files. If a user is provided with a malformed .desktop file (e.g. if it's embedded into a downloaded archive and it gets opened in a file browser) arbitrary commands could get executed. This update removes this feature.

tags | advisory, arbitrary, shell
systems | linux, debian
advisories | CVE-2019-14744
MD5 | d6ebae333ce6ae47cb75a91aa720eec9
Slackware Security Advisory - kdelibs Updates
Posted Aug 8, 2019
Authored by Slackware Security Team | Site slackware.com

Slackware Security Advisory - New kdelibs packages are available for Slackware 14.2 and -current to fix a security issue.

tags | advisory
systems | linux, slackware
advisories | CVE-2019-14744
MD5 | 3c5057c373ea24360bc52b127d15a736
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    8 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close