Posted: Sun Jun 15, 2014 5:26 pm Post subject: [ GLSA 201406-15 ] KDirStat: Arbitrary command execution
Gentoo Linux Security Advisory
Title: KDirStat: Arbitrary command execution (GLSA 201406-15)
Date: June 15, 2014
A vulnerability in KDirStat could allow local attackers to execute
arbitrary shell commands.
KDirStat is a graphical disk usage utility for KDE.
Vulnerable: < 2.7.5
Unaffected: >= 2.7.5
Architectures: All supported architectures
KDirStat fails to escape a shell command it executes, which can be used to
insert malicious shell commands.
A local attacker could possibly execute arbitrary shell commands with the
privileges of the process.
There is no known workaround at this time.
All KDirStat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=kde-misc/kdirstat-2.7.5"
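
To check whether a host still carries an affected version before or after the upgrade, the following audit script can be used. It is an added example, not part of the GLSA or of Gentoo's tooling; the function names and the PKG_DB override are assumptions made for illustration, and it reads Portage's installed-package database under /var/db/pkg.

```shell
#!/bin/sh
# Added example, not part of the GLSA: audit a Gentoo host for the affected
# kde-misc/kdirstat versions (< 2.7.5, per the advisory).

FIXED_VERSION="2.7.5"            # first unaffected version, from the advisory
PKG_DB="${PKG_DB:-/var/db/pkg}"  # Portage's installed-package database

# Print "vulnerable" or "unaffected" for one version string.
# Assumption: plain dotted versions with an optional -rN revision; Gentoo
# suffixes such as _rc1 or _p2 are not ordered correctly by sort -V.
kdirstat_status() {
    ver=${1%-r[0-9]*}            # drop the ebuild revision, e.g. 2.7.4-r1
    if [ "$ver" = "$FIXED_VERSION" ]; then
        echo unaffected
        return
    fi
    lowest=$(printf '%s\n%s\n' "$ver" "$FIXED_VERSION" | sort -V | head -n 1)
    if [ "$lowest" = "$ver" ]; then echo vulnerable; else echo unaffected; fi
}

# List installed kdirstat versions by reading directory names under
# $PKG_DB/kde-misc (each installed package is a <name>-<version> directory).
installed_kdirstat_versions() {
    for dir in "$PKG_DB"/kde-misc/kdirstat-[0-9]*; do
        [ -d "$dir" ] || continue   # glob matched nothing: not installed
        name=${dir##*/}
        echo "${name#kdirstat-}"
    done
}

# Print one "<version> <state>" line per installed copy; return 1 if any
# installed version is vulnerable, 0 otherwise (including "not installed").
audit_kdirstat() {
    rc=0
    for v in $(installed_kdirstat_versions); do
        state=$(kdirstat_status "$v")
        echo "$v $state"
        if [ "$state" = vulnerable ]; then rc=1; fi
    done
    return $rc
}

audit_kdirstat || echo "upgrade kde-misc/kdirstat to >= $FIXED_VERSION"
```

The non-zero return of audit_kdirstat makes the script usable from configuration management or a cron job to flag hosts that have not yet been upgraded.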