KDE Security Advisory: Arbitrary command execution in the removable device notifier

Chat about Linux in general
Post Reply

User avatar
catweazel
Level 17
Level 17
Posts: 7769
Joined: Fri Oct 12, 2012 9:44 pm
Location: Australian Antarctic Territory

Re: KDE Security Advisory: Arbitrary command execution in the removable device notifier

Post by catweazel » Mon Feb 12, 2018 6:19 pm

JoeFootball wrote:
Mon Feb 12, 2018 2:11 pm
Oops. :)
Really, I had to laugh at that.
¡uʍop ǝpısdn sı buıɥʇʎɹǝʌǝ os ɐıןɐɹʇsnɐ ɯoɹɟ ɯ,ı

User avatar
JoeFootball
Level 6
Level 6
Posts: 1497
Joined: Tue Nov 24, 2009 1:52 pm
Location: /home/usa/mn/minneapolis/joe

Re: KDE Security Advisory: Arbitrary command execution in the removable device notifier

Post by JoeFootball » Tue Feb 13, 2018 7:19 am

So theoretically, one could create a USB drive label containing a nefarious shell command, walk up to someone's KDE deployment, plug it in, and *poof*. Eeek.

Can drives mount if the session is locked? Hmmm...

Joe

User avatar
felemur
Level 4
Level 4
Posts: 467
Joined: Sun Sep 20, 2015 2:22 pm
Location: In the middle of 1000's of acres of corn & soy fields in a house full of cats.

Re: KDE Security Advisory: Arbitrary command execution in the removable device notifier

Post by felemur » Tue Feb 13, 2018 11:33 am


Post Reply

Return to “Chat about Linux”