Your new post is loading...
A security researcher has published proof-of-concept (PoC) code for a vulnerability in the KDE software framework. A fix is not available at the time of writing.
The bug was discovered by Dominik "zer0pwn" Penner and impacts the KDE Frameworks package 5.60.0 and below.
The KDE Frameworks software library is at the base of the KDE desktop environment v4 and v5 (Plasma), currently included with several Linux distributions such as Kubuntu, openSUSE, OpenMandriva, Chakra, KaOS, and others.
HOW THE VULNERABILITY WORKS
The vulnerability occurs because of the way the KDesktopFile class (part of KDE Frameworks) handles .desktop or .directory files.
Penner discovered that he could create malicious .desktop and .directory files that could be used to run malicious code on a user's computer.
When a user opens the KDE file viewer to access the directory where these files are stored, the malicious code contained within the .desktop or .directory files executes without user interaction -- such as running the file.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
A security researcher has published proof-of-concept (PoC) code for a vulnerability in the KDE software framework. A fix is not available at the time of writing.
The bug was discovered by Dominik "zer0pwn" Penner and impacts the KDE Frameworks package 5.60.0 and below.
The KDE Frameworks software library is at the base of the KDE desktop environment v4 and v5 (Plasma), currently included with several Linux distributions such as Kubuntu, openSUSE, OpenMandriva, Chakra, KaOS, and others.
HOW THE VULNERABILITY WORKS
The vulnerability occurs because of the way the KDesktopFile class (part of KDE Frameworks) handles .desktop or .directory files.
Penner discovered that he could create malicious .desktop and .directory files that could be used to run malicious code on a user's computer.
When a user opens the KDE file viewer to access the directory where these files are stored, the malicious code contained within the .desktop or .directory files executes without user interaction -- such as running the file.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux