CVE-2018-6791 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-6791 Interim 1 12 2023-12-09T00:52:11Z current 2021-05-30T14:10:52Z 2023-12-09T00:52:11Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-6791 An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BT2QPNOSYGV4PRT6334ZOQQEDV2F6DFL/#BT2QPNOSYGV4PRT6334ZOQQEDV2F6DFL E-Mail link for openSUSE-SU-2018:0397-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/O3VUSIEN5D322MWR2YA7OFCLYROIOPRV/#O3VUSIEN5D322MWR2YA7OFCLYROIOPRV E-Mail link for openSUSE-SU-2018:0398-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SP3 drkonqi5-5.8.7-8.1 plasma5-workspace-5.8.7-8.1 plasma5-workspace-devel-5.8.7-8.1 plasma5-workspace-lang-5.8.7-8.1 plasma5-workspace-libs-5.8.7-8.1 drkonqi5-5.8.7-8.1 as a component of SUSE Package Hub 12 SP3 plasma5-workspace-5.8.7-8.1 as a component of SUSE Package Hub 12 SP3 plasma5-workspace-devel-5.8.7-8.1 as a component of SUSE Package Hub 12 SP3 plasma5-workspace-lang-5.8.7-8.1 as a component of SUSE Package Hub 12 SP3 plasma5-workspace-libs-5.8.7-8.1 as a component of SUSE Package Hub 12 SP3 An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE Plasma Workspace before 5.12.0. When a vfat thumbdrive that contains `` or $() in its volume label is plugged in and mounted through the device notifier, it's interpreted as a shell command, leading to a possibility of arbitrary command execution. An example of an offending volume label is "$(touch b)" -- this will create a file called b in the home folder. CVE-2018-6791 SUSE Package Hub 12 SP3:drkonqi5-5.8.7-8.1 SUSE Package Hub 12 SP3:plasma5-workspace-5.8.7-8.1 SUSE Package Hub 12 SP3:plasma5-workspace-devel-5.8.7-8.1 SUSE Package Hub 12 SP3:plasma5-workspace-lang-5.8.7-8.1 SUSE Package Hub 12 SP3:plasma5-workspace-libs-5.8.7-8.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 6.8 CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H