In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
History
07 Nov 2023, 03:05
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
28 Feb 2023, 18:26
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Redhat enterprise Linux Desktop Redhat Redhat enterprise Linux Server Canonical Opensuse backports Sle Canonical ubuntu Linux Fedoraproject fedora Redhat enterprise Linux Workstation Opensuse |
|
References | (REDHAT) https://access.redhat.com/errata/RHSA-2019:2606 - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201908-07 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIDXQ6CUB5E7Y3MJWCUY4VR42QAE6SCJ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYKLUSSEK3YJOVQDL6K2LKGS3354UH6L/ - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html - Patch, Third Party Advisory, VDB Entry | |
References | (UBUNTU) https://usn.ubuntu.com/4100-1/ - Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2019/08/msg00023.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IRIKH7ZWXELIQT6WSLV7EG3VTFWKZPD/ - Mailing List, Release Notes, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNHO6FZRYBQ2R3UCFDGS66F6DNNTKCMM/ - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:* cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:* |
Information
Published : 2019-08-07 15:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-14744
Mitre link : CVE-2019-14744
CVE.ORG link : CVE-2019-14744
JSON object : View
Products Affected
redhat
- enterprise_linux_workstation
- enterprise_linux_server
- enterprise_linux_desktop
fedoraproject
- fedora
opensuse
- backports_sle
kde
- kconfig
canonical
- ubuntu_linux
debian
- debian_linux
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')