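Vulnerability Details

KDE Frameworks KConfig Command Injection Vulnerability

Vulnerability Summary

KDE Frameworks is a collection of foundational libraries and software frameworks from the KDE community for KDE applications. KConfig is an advanced configuration system within it, used mainly to manage configuration in KDE Frameworks and to generate configuration files.

A security vulnerability exists in KDE Frameworks KConfig versions before 5.61.0. An attacker can exploit it to execute code by means of malicious desktop files and configuration files.

Vulnerability Advisory

The vendor has released an upgrade patch that fixes the vulnerability. The patch is available at: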

https://mail.kde.org/pipermail/kde-announce/2019-August/000047.html

References

Source: GENTOO

Link: https://security.gentoo.org/glsa/201908-07

Source: MLIST

Link: https://lists.debian.org/debian-lts-announce/2019/08/msg00023.html

Source: FEDORA

Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNHO6FZRYBQ2R3UCFDGS66F6DNNTKCMM/

Source: BUGTRAQ

Link: https://seclists.org/bugtraq/2019/Aug/12

Source: MISC

Link: https://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html

Source: MISC

Link: https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt

Source: MISC

Link: https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/

Source: FEDORA

Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYKLUSSEK3YJOVQDL6K2LKGS3354UH6L/

Source: BUGTRAQ

Link: https://seclists.org/bugtraq/2019/Aug/9

Source: SUSE

Link: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html

Source: SUSE

Link: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html

Source: UBUNTU

Link: https://usn.ubuntu.com/4100-1/

Source: SUSE

Link: http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html

Source: FEDORA

Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IRIKH7ZWXELIQT6WSLV7EG3VTFWKZPD/

Source: DEBIAN

Link: https://www.debian.org/security/2019/dsa-4494

Source: FEDORA

Link: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTFBQRJAU7ITD3TOMPZAUQMYYCAZ6DTX/

Source: www.debian.org

Link: http://www.debian.org/security/2019/dsa-4494

Source: nvd.nist.gov

Link: https://nvd.nist.gov/vuln/detail/CVE-2019-14744

Source: access.redhat.com

Link: https://access.redhat.com/security/cve/cve-2019-14744

Source: vigilance.fr

Link: https://vigilance.fr/vulnerability/KDE-kconfig-code-execution-via-Desktop-Files-29987

Source: www.auscert.org.au

Link: https://www.auscert.org.au/bulletins/ESB-2019.3047/

Source: packetstormsecurity.com

Link: https://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html

Source: packetstormsecurity.com

Link: https://packetstormsecurity.com/files/154011/Debian-Security-Advisory-4494-1.html

Affected Entities

    None at this time