Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon

Related Vulnerabilities: CVE-2020-26164  
Source 
                							

                <!--X-Body-Begin-->
<!--X-User-Header-->

oss-sec
mailing list archives
<!--X-User-Header-End-->
<!--X-TopPNI-->

By Date

By Thread

</form>

<!--X-TopPNI-End-->
<!--X-MsgBody-->
<!--X-Subject-Header-Begin-->
Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon

<!--X-Subject-Header-End-->
<!--X-Head-of-Message-->

From: Solar Designer &lt;solar () openwall com&gt;

Date: Tue, 13 Oct 2020 15:28:19 +0200

<!--X-Head-of-Message-End-->
<!--X-Head-Body-Sep-Begin-->

<!--X-Head-Body-Sep-End-->
<!--X-Body-of-Message-->
On Tue, Oct 13, 2020 at 02:29:12PM +0200, Matthias Gerstner wrote:
The SUSE security team noticed that a new network service service
`kdeconnectd` was active by default  in openSUSE Leap 15.2 listening on TCP
and UDP port 1716. `kdeconnectd` is started automatically in the context of
any KDE session and runs with the privileges of the logged in user.

`kdeconnectd` talks to an Android smartphone app. The use cases are, among
others:

- sharing the PC clipboard with the smartphone
- controlling the PC from the smartphone (running commands, controlling input)

I conducted an in-depth source code review [...]

Thank you for your work on this, and for publishing so much detail!

Will kdeconnectd no longer be active by default in openSUSE?  I hope so.
Merely fixing the known issues doesn't address the fact that this poses
unjustified risk for most people.

Alexander

<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->

<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->

By Date

By Thread

Current thread:

kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Matthias Gerstner (Oct 13)

Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Solar Designer (Oct 13)

Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Matthias Gerstner (Oct 14)

Re: kdeconnect: CVE-2020-26164: multiple security issues in kdeconnectd network daemon Matthias Gerstner (Nov 30)

<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started