Zero-Day Flaw Discovered in Linux Systems

A zero-day vulnerability has been discovered affecting nearly all Linux operating systems. The flaw resides in KDE 4 and 5, the desktop environment and applications interface, and could easily allow threat actors to execute code through a command injection in the KDesktopFile. The security researcher, Dominik Penner, elaborated that KDE permits shell expansion, allowing a threat actor to craft malicious .desktop and .directory folders and execute commands located in the “Icon” field. There are currently no known mitigation techniques or patches available at the time of this writing. The NJCCIC recommends Linux users update operating systems when patches are made available. Further details and a proof-of-concept demonstration are available in the BleepingComputer article.

AdvisoryNJCCICZero-Day, Linux