KDE rips out ability for KConfig to run shell code

Brittany Day

1 min read Aug 08, 2019

The feature that a researcher discovered could be used to execute malicious code had no actual use case.

KDE has fixed a vulnerability within its KDE Framework that allowed formalicious code executionsimply by viewing a .desktop file, by removing the feature being exploited altogether.

Earlier this week, a security researcher Dominik Penner published a proof of concept that showed how users could be compromised simply by viewing a malicious .desktop file, which is typically used to show an icon for a file or directory, in the KDE file browser.

The link for this article located at ZDNet is no longer available.

Get the Latest News & Insights

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

KDE rips out ability for KConfig to run shell code

Brittany Day

Get the Latest News & Insights

LinuxSecurity Poll

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By