Zero-Day Flaw Discovered in Linux Systems
NJCCIC Alert
Original Release Date: 2019-08-12
A zero-day vulnerability has been discovered affecting nearly all Linux operating systems. The flaw resides in KDE 4 and 5, the desktop environment and applications interface, and could easily allow threat actors to execute code through a command injection in the KDesktopFile. The security researcher, Dominik Penner, elaborated that KDE permits shell expansion, allowing a threat actor to craft malicious .desktop and .directory folders and execute commands located in the “Icon” field. There are currently no known mitigation techniques or patches available at the time of this writing.
The NJCCIC recommends Linux users update operating systems when patches are made available. Further details and a proof-of-concept demonstration are available in the BleepingComputer article.
Featured Content
- Pulse Connect Secure Vulnerabilities Are Actively Being Exploited>
- Phishing Campaigns Attempt to Steal Credentials for Cloud Services>
- Geico Hack Impacts Residents in 8 States>
- SonicWall Email Security Vulnerabilities Are Actively Being Exploited>
- New Critical Vulnerabilities in On-Premises Microsoft Exchange Servers>
- Threat Actors Abuse Contact Forms in Recent Malware Campaigns>
- Google Chrome Vulnerabilities Exploited in the Wild – Patch Now>
- Increase in Ransomware Attacks Targeting Education Sector>
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.