GLSA Advocate
Posted: Sun Jun 15, 2014 5:26 pm
Post subject: [ GLSA 201406-15 ] KDirStat: Arbitrary command execution
Gentoo Linux Security Advisory
Title: KDirStat: Arbitrary command execution (GLSA 201406-15)
Severity: normal
Exploitable: local
Date: June 15, 2014
Bug(s): #504994
ID: 201406-15
Synopsis
A vulnerability in KDirStat could allow local attackers to execute
arbitrary shell commands.
Background
KDirStat is a graphical disk usage utility for KDE.
Affected Packages
Package: kde-misc/kdirstat
Vulnerable: < 2.7.5
Unaffected: >= 2.7.5
Architectures: All supported architectures
Description
Missing escaping of the executed shell command in KDirStat can be used to
insert malicious shell commands.
Impact
A local attacker could possibly execute arbitrary shell commands with the
privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All KDirStat users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=kde-misc/kdirstat-2.7.5"
References
CVE-2014-2527
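To check a host against the affected range given under Affected Packages, the following added example (not part of the advisory or of Gentoo's tooling) reads the Portage installed-package database and flags any kde-misc/kdirstat version below 2.7.5. The function names and the optional database-root argument are assumptions of this example, and the comparison relies on GNU `sort -V`, which is adequate for plain x.y.z versions such as these.

```shell
# Added example: audit installed kde-misc/kdirstat versions against GLSA 201406-15.
# Assumption: installed packages appear as directories named
# <vdb>/kde-misc/kdirstat-<version>[-rN], with <vdb> defaulting to /var/db/pkg.

FIXED_VERSION="2.7.5"   # first unaffected version, taken from the advisory

# version_lt A B: succeed when version A sorts strictly before version B.
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# kdirstat_status [VDB_ROOT]: print one line per installed version.
# Returns 1 if any installed version is in the vulnerable range, 0 otherwise
# (including when the package is not installed at all).
kdirstat_status() {
    vdb="${1:-/var/db/pkg}"
    rc=0
    for dir in "$vdb"/kde-misc/kdirstat-[0-9]*; do
        [ -d "$dir" ] || continue        # unmatched glob: nothing installed
        pv="${dir##*/kdirstat-}"         # e.g. 2.7.3-r1
        ver="${pv%-r[0-9]*}"             # strip the Gentoo revision suffix
        if version_lt "$ver" "$FIXED_VERSION"; then
            echo "VULNERABLE kde-misc/kdirstat-$pv"
            rc=1
        else
            echo "ok kde-misc/kdirstat-$pv"
        fi
    done
    return $rc
}

# Usage on a Gentoo host:  kdirstat_status || echo "upgrade required"
```

A non-zero return means the upgrade in the Resolution section still needs to be applied on that host.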