CVE-2018-6791

Published: 07/02/2018 Updated: 03/10/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.8 | Impact Score: 5.9 | Exploitability Score: 0.9
VMScore: 642
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

An issue exists in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace prior to 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.
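The mechanism described above, as an added Python example that is not KDE's code: a volume label spliced into a command string that a shell parses gets its `$(...)` executed, while the same label handed over as one argv element without a shell stays a literal string. The labels are constructed for illustration and the Python interpreter stands in for the real mount helper.

```python
import shlex
import subprocess
import sys

# Constructed sample labels (not from a real device): one benign, one using the
# command-substitution syntax the advisory describes, but harmless here.
BENIGN_LABEL = "HOLIDAY_PICS"
SUBSTITUTING_LABEL = "$(echo INJECTED)"

COMMAND_SUBSTITUTION_TOKENS = ("$(", "`")


def label_has_shell_metachars(label: str) -> bool:
    """Detection check: does a FAT/VFAT volume label carry command-substitution syntax?"""
    return any(tok in label for tok in COMMAND_SUBSTITUTION_TOKENS)


def echo_label_via_shell(label: str) -> str:
    """Vulnerable pattern: the label is spliced into a command string that /bin/sh
    parses, so $(...) and backticks inside it are executed rather than echoed."""
    out = subprocess.run(f"echo {label}", shell=True, capture_output=True, text=True, check=True)
    return out.stdout.rstrip("\n")


def echo_label_without_shell(label: str) -> str:
    """Hardened pattern: an argv list and no shell, so the label is one literal argument.
    A tiny Python one-liner stands in for the real mount helper (hypothetical)."""
    argv = [sys.executable, "-c", "import sys; print(sys.argv[1])", label]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.rstrip("\n")


def quote_for_shell(label: str) -> str:
    """If a shell command string is unavoidable, quote the label so the shell treats it as data."""
    return shlex.quote(label)


if __name__ == "__main__":
    for label in (BENIGN_LABEL, SUBSTITUTING_LABEL):
        print(f"{label!r}: metachars={label_has_shell_metachars(label)}, "
              f"via shell={echo_label_via_shell(label)!r}, "
              f"no shell={echo_label_without_shell(label)!r}, "
              f"quoted={quote_for_shell(label)}")
```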

Vulnerable Product Search on Vulmon

kde plasma-workspace

debian debian linux 9.0

Vendor Advisories

Krzysztof Sieluzycki discovered that the notifier for removable devices in the KDE Plasma workspace performed insufficient sanitisation of FAT/VFAT volume labels, which could result in the execution of arbitrary shell commands if a removable device with a malformed disk label is mounted. For the stable distribution (stretch), this problem has been ...
An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending vol ...
When a vfat thumbdrive which contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leaving a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)", which will create a file called b in the home folder ...

Recent Articles

Until last week, you could pwn KDE Linux desktop with a USB stick
The Register • John Leyden • 12 Feb 2018

Tweak VFAT volume to execute arbitrary code

A recently resolved flaw in the KDE Linux desktop environment meant that files held on a USB stick could be executed as soon as they were plugged into a vulnerable device. The security howler created a means to execute arbitrary code on KDE by simply naming a pendrive VFAT volume $() or similar, as explained in this advisory (extract below) put out late last week: The CVE-2018-6791 vulnerability – unsurprisingly designated as high risk – was fixed on Thursday with an update to the Plasma Des...