UBUNTU-CVE-2018-6791

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2018-6791

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6791.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2018-6791

Related

CVE-2018-6791

Published

2018-02-07T02:29:00Z

Modified

2025-01-13T10:21:35Z

Severity

6.8 (Medium) CVSS_V3 - CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder.

References

Affected packages

Ubuntu:16.04:LTS / plasma-workspace

Package

Name: plasma-workspace
Purl: pkg:deb/ubuntu/plasma-workspace@4:5.5.5.2-0ubuntu1.1?arch=source&distro=xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:5.5.5.2-0ubuntu1.1

Affected versions

4:5.*

4:5.4.2-0ubuntu1

4:5.4.3-0ubuntu1

4:5.5.4-0ubuntu1

4:5.5.5.2-0ubuntu1

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libkworkspace5-5",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "libkworkspace5-5-dbgsym",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "libplasma-geolocation-interface5",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "libplasma-geolocation-interface5-dbgsym",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "libtaskmanager5",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "libtaskmanager5-dbgsym",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "libweather-ion7",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "libweather-ion7-dbgsym",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "plasma-workspace",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "plasma-workspace-dbg",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "plasma-workspace-dbgsym",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "plasma-workspace-dev",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "plasma-workspace-dev-dbgsym",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "plasma-workspace-wayland",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "plasma-workspace-wayland-dbgsym",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "sddm-theme-breeze",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        },
        {
            "binary_name": "sddm-theme-breeze-dbgsym",
            "binary_version": "4:5.5.5.2-0ubuntu1.1"
        }
    ],
    "availability": "No subscription required",
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / plasma-workspace

Package

Name: plasma-workspace
Purl: pkg:deb/ubuntu/plasma-workspace@4:5.12.1-0ubuntu1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4:5.12.1-0ubuntu1

Affected versions

4:5.*

4:5.10.5-0ubuntu1

4:5.10.5-0ubuntu2

4:5.11.4-0ubuntu1

4:5.11.5-0ubuntu3

4:5.12.0a-0ubuntu2

Ecosystem specific

{
    "binaries": [
        {
            "binary_name": "libcolorcorrect5",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "libcolorcorrect5-dbgsym",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "libkworkspace5-5",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "libkworkspace5-5-dbgsym",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "libplasma-geolocation-interface5",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "libplasma-geolocation-interface5-dbgsym",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "libtaskmanager6",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "libtaskmanager6-dbgsym",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "libweather-ion7",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "libweather-ion7-dbgsym",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "plasma-workspace",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "plasma-workspace-dbgsym",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "plasma-workspace-dev",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "plasma-workspace-wayland",
            "binary_version": "4:5.12.1-0ubuntu1"
        },
        {
            "binary_name": "sddm-theme-breeze",
            "binary_version": "4:5.12.1-0ubuntu1"
        }
    ],
    "availability": "No subscription required",
    "ubuntu_priority": "medium"
}