The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an
“KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.”
The KDE Frameworks is currently adopted by several Linux distros, including Kubuntu, OpenMandriva,
The vulnerability affects the KDE Frameworks package 5.60.0 and prior, it is caused by the way the KDesktopFile class handles .desktop or .directory files.
“KDE 4/5 is vulnerable to a command injection vulnerability in the KDesktopFile class. When a
The vulnerability could be exploited by attackers by using specially-crafted
The expert explained that browsing a folder with the KDE file viewer that contains where these files are stored, it will cause the execution of the malicious code in the
“When we combine this /feature/ with the way KDE handles
The flaw can be used by attackers to drop shell commands inside the standard “Icon” entries found in .desktop and .directory files
“So for example, if we were to browse to the malicious file in our file manager (dolphin), the Icon entry would get called in order to display the icon.” Penner explained. “Since we know this, we can use a shell command in place of the Icon entry, which in turn will execute our command whenever the file is viewed. Theoretically, if we can control config entries and trigger their reading, we can achieve command injection / RCE.”
Below a video
Penner did not report the flaw to the KDE team because he wanted to release a zero-day flaw before Defcon.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.