The KDE Project released a new major version of their widely-used Plasma desktop environment for GNU/Linux distributions, a release that adds numerous new features and fixes security vulnerabilities.One important security vulnerability fixed in the KDE Plasma 5.12 LTS desktop environment is a USB exploit that could allow a local attacker with physical access to the unpatched computer to execute arbitrary commands if the malicious USB flash drive was mounted via the removable device notifier function and contained certain characters in its volume label.
"When a vfat thumbdrive which contains `` or $() in its volume label is plugged and mounted trough the device notifier, it's interpreted as a shell command, leaving a possibility of arbitrary commands execution. an example of offending volume label is "$(touch b)" which will create a file called b in the home folder," reads the security advisory... (read more)
from Softpedia News / Linux http://ift.tt/2nRTChe
via IFTTT
No comments:
Post a Comment