[CVE] Arbitrary command execution in the removable device notifier
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Kubuntu PPA |
Fix Released
|
High
|
Simon Quigley | ||
| Artful |
Fix Released
|
High
|
Simon Quigley | ||
| Xenial |
Fix Released
|
High
|
Simon Quigley | ||
| plasma-workspace (Ubuntu) |
Fix Released
|
High
|
Rik Mills | ||
| Xenial |
Fix Released
|
High
|
Simon Quigley | ||
| Artful |
Fix Released
|
High
|
Simon Quigley | ||
| Bionic |
Fix Released
|
High
|
Rik Mills | ||
Bug Description
KDE Project Security Advisory
=======
Title: Plasma Desktop: Arbitrary command execution in the removable device notifier
Risk Rating: High
CVE: CVE-2018-6791
Versions: Plasma < 5.12.0
Date: 8 February 2018
Overview
========
When a vfat thumbdrive which contains `` or $() in its volume label is plugged
and mounted trough the device notifier, it's interpreted as a shell command,
leaving a possibility of arbitrary commands execution. an example of offending
volume label is "$(touch b)" which will create a file called b in the
home folder.
Workaround
==========
Mount removable devices with Dolphin instead of the device notifier.
Solution
========
Update to Plasma >= 5.12.0 or Plasma >= 5.8.9
Or apply the following patches:
Plasma 5.8:
https:/
Plasma 5.9/5.10/5.11:
https:/
Credits
=======
Thanks to ksieluzyckih for the report and to Marco Martin for the fix.
CVE References
| Simon Quigley (tsimonq2) wrote | #1 |
| Changed in plasma-workspace (Ubuntu Bionic): | |
| assignee: | nobody → Rik Mills (rikmills) |
| importance: | Undecided → High |
| Changed in plasma-workspace (Ubuntu Artful): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in plasma-workspace (Ubuntu Xenial): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in plasma-workspace (Ubuntu Trusty): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in kde-runtime (Ubuntu Bionic): | |
| assignee: | nobody → Rik Mills (rikmills) |
| importance: | Undecided → High |
| Changed in kde-runtime (Ubuntu Artful): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in kde-runtime (Ubuntu Xenial): | |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| importance: | Undecided → High |
| status: | New → In Progress |
| Changed in kde-runtime (Ubuntu Trusty): | |
| importance: | Undecided → High |
| status: | New → In Progress |
| assignee: | nobody → Simon Quigley (tsimonq2) |
| Simon Quigley (tsimonq2) wrote | #2 |
| Changed in plasma-workspace (Ubuntu Bionic): | |
| status: | New → Fix Released |
| Rik Mills (rikmills) wrote | #3 |
| Changed in kde-runtime (Ubuntu Bionic): | |
| status: | New → Incomplete |
| Simon Quigley (tsimonq2) wrote | #4 |
| Changed in kde-runtime (Ubuntu Trusty): | |
| status: | In Progress → Invalid |
| Changed in kde-runtime (Ubuntu Xenial): | |
| status: | In Progress → Invalid |
| no longer affects: | kde-runtime (Ubuntu) |
| no longer affects: | kde-runtime (Ubuntu Trusty) |
| no longer affects: | kde-runtime (Ubuntu Xenial) |
| no longer affects: | kde-runtime (Ubuntu Artful) |
| no longer affects: | kde-runtime (Ubuntu Bionic) |
| Simon Quigley (tsimonq2) wrote | #5 |
| no longer affects: | plasma-workspace (Ubuntu Trusty) |
| Simon Quigley (tsimonq2) wrote | #7 |
| Simon Quigley (tsimonq2) wrote | #8 |
| Simon Quigley (tsimonq2) wrote | #9 |
| Launchpad Janitor (janitor) wrote | #10 |
| Changed in plasma-workspace (Ubuntu Artful): | |
| status: | In Progress → Fix Released |
| Launchpad Janitor (janitor) wrote | #11 |
| Changed in plasma-workspace (Ubuntu Xenial): | |
| status: | In Progress → Fix Released |
I'm assigning the Bionic fixes to Rik; I'm unsure if plasma-workspace is still affected, but it seems kde-runtime is in fact affected.