CVE-2019-14744

In KDE Frameworks KConfig before 5.61.0, malicious desktop files and configuration files lead to code execution with minimal user interaction. This relates to libKF5ConfigCore.so, and the mishandling of .desktop and .directory files, as demonstrated by a shell command on an Icon line in a .desktop file.
References
Link Resource
https://gist.githubusercontent.com/zeropwn/630832df151029cb8f22d5b6b9efaefb/raw/64aa3d30279acb207f787ce9c135eefd5e52643b/kde-kdesktopfile-command-injection.txt Exploit Third Party Advisory
https://www.zdnet.com/article/unpatched-kde-vulnerability-disclosed-on-twitter/ Press/Media Coverage Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/9 Mailing List Third Party Advisory
http://packetstormsecurity.com/files/153981/Slackware-Security-Advisory-kdelibs-Updates.html Patch Third Party Advisory
https://www.debian.org/security/2019/dsa-4494 Third Party Advisory
https://seclists.org/bugtraq/2019/Aug/12 Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WTFBQRJAU7ITD3TOMPZAUQMYYCAZ6DTX/ Mailing List Release Notes
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00013.html Mailing List Patch
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00016.html Mailing List Patch
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5IRIKH7ZWXELIQT6WSLV7EG3VTFWKZPD/ Release Notes Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00034.html
https://security.gentoo.org/glsa/201908-07
https://lists.debian.org/debian-lts-announce/2019/08/msg00023.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNHO6FZRYBQ2R3UCFDGS66F6DNNTKCMM/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UYKLUSSEK3YJOVQDL6K2LKGS3354UH6L/
https://usn.ubuntu.com/4100-1/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YIDXQ6CUB5E7Y3MJWCUY4VR42QAE6SCJ/
https://access.redhat.com/errata/RHSA-2019:2606
Configurations

Configuration 1

cpe:2.3:a:kde:kconfig:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Information

Published : 2019-08-07 03:15

Updated : 2020-08-24 05:37


NVD link : CVE-2019-14744

Mitre link : CVE-2019-14744

Products Affected
CWE