KDE rips out ability for KConfig to run shell code

8 August 2019

KDE has fixed a vulnerability within its KDE Framework that allowed for malicious code execution simply by viewing a .desktop file, by removing the feature being exploited altogether. Earlier this week, a security researcher Dominik Penner published a proof of concept that showed how users could be compromised simply by viewing a malicious .desktop file, which is typically used to show an icon for a file or directory, in the KDE file browser.

Read full article on ZDNet

Date:

8 August 2019

Categorie(s):

NEWS

Tag(s):

KDE, Open Source, Open Source Software

Multifactor Authentication: Great tool with some limitations16 May 2024
Open redirect vulnerabilities exploited in ‘cat-phishing’ attacks, HP warns16 May 2024
PoC Exploit Released For D-LINK RCE Zero-Day Vulnerability16 May 2024
Is an open-source AI vulnerability next?16 May 2024
OWASP dep-scan: Open-source security and risk audit tool16 May 2024