CVE-2018-6791 — OS Command Injection in Plasma-workspace

CWE-78 — OS Command Injection CWE-138 — Improper Neutralization of Special Elements9 documents8 sources

Severity

6.8MEDIUMNVD

EPSS

0.3%

top 50.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

KDE Plasma-workspace Debian Linux

Timeline

PublishedFeb 7

Latest updateMay 13

Description

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.

CVSS vector

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 0.9 | Impact: 5.9

Affected Packages2 packages

▶NVDkde/plasma-workspace< 5.12.0

▶Debiankde/plasma-workspace< 4:5.12.0-2+3

Also affects: Debian Linux 9.0

🔴Vulnerability Details

GHSA

GHSA-wfc7-x8jc-jx99: An issue was discovered in soliduiserver/deviceserviceaction↗2022-05-13

▶

CVEList

CVE-2018-6791: An issue was discovered in soliduiserver/deviceserviceaction↗2018-02-07

▶

OSV

CVE-2018-6791: An issue was discovered in soliduiserver/deviceserviceaction↗2018-02-07

▶

📋Vendor Advisories

Red Hat

kde-runtime: Arbitrary command execution in the removable device notifier↗2018-02-08

▶

Debian

CVE-2018-6791: plasma-workspace - An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma W...↗2018

▶

📄Research Papers

arXiv

BeatCoin: Leaking Private Keys from Air-Gapped Cryptocurrency Wallets↗2018-04-23

▶

💬Community

Bugzilla

CVE-2018-6790 CVE-2018-6791 plasma-workspace: various flaws [fedora-all]↗2018-02-08

▶

Bugzilla

CVE-2018-6791 kde-runtime: Arbitrary command execution in the removable device notifier↗2018-02-08

▶