Related Vulnerabilities: CVE-2018-6791  

Severity: High

Remote: No

Type: Arbitrary command execution

Description

When a vfat thumbdrive whose volume label contains `` or $() is plugged in and mounted through the device notifier, the label is interpreted as a shell command, allowing arbitrary command execution. An example of an offending volume label is "$(touch b)", which will create a file called b in the home folder.

Group: AVG-607, package plasma-workspace, affected 5.11.5-2, fixed 5.12.0-1, severity High, status Fixed

Advisory: ASA-201802-4 (09 Feb 2018), group AVG-607, package plasma-workspace, severity High, type arbitrary command execution

https://www.kde.org/info/security/advisory-20180208-2.txt

Workaround: mount removable devices with Dolphin instead of the device notifier.
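
The label handling described above, as an added shell example (not plasma-workspace code): the hypothetical handlers `notify_unsafe` and `notify_safe` contrast a label spliced into a command string with a label passed as an argument, and `label_is_suspicious` is a simple pre-mount check. It uses the advisory's own example label and runs inside a throwaway temporary directory.

```shell
#!/bin/sh
# Constructed demo; all function names are hypothetical.

# UNSAFE: the label is spliced into a command string that a shell then
# parses, so `...` or $(...) inside the label is executed.
notify_unsafe() {
    sh -c "printf 'Mounted %s\n' \"$1\"" >/dev/null
}

# SAFE: the command string is constant; the label travels as a positional
# argument and is only ever expanded as data.
notify_safe() {
    sh -c 'printf "Mounted %s\n" "$1"' sh "$1" >/dev/null
}

# Defensive check: succeed if the label carries command-substitution syntax.
label_is_suspicious() {
    case $1 in
        *'`'*|*'$('*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run handler $1 on label $2 in an empty temp directory.
# Returns 0 if a file named "b" appeared, i.e. the label was executed.
label_was_executed() {
    dir=$(mktemp -d) || return 2
    ( cd "$dir" && "$1" "$2" )
    if [ -e "$dir/b" ]; then rc=0; else rc=1; fi
    rm -rf "$dir"
    return $rc
}

LABEL='$(touch b)'   # the example label given in the advisory

for handler in notify_unsafe notify_safe; do
    if label_was_executed "$handler" "$LABEL"; then
        echo "$handler: label was executed as a command"
    else
        echo "$handler: label was treated as data"
    fi
done
```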