ID CVE-2014-2528
Summary kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.
References
Vulnerable Configurations
  • KDirStat 2.7.3
    cpe:2.3:a:kdirstat_project:kdirstat:2.7.3
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
CVSS
Base: 6.8 (as of 27-08-2014 - 11:24)
Impact:
Exploitability:
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KDIRSTAT-140706.NASL
    description The following security issue has been fixed: #868682: CVE-2014-2527 / CVE-2014-2528: kdirstat: command injection in kcleanup
    last seen 2018-09-02
    modified 2014-08-28
    plugin id 76754
    published 2014-07-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76754
    title SuSE 11.3 Security Update : kdirstat (SAT Patch Number 9515)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-489.NASL
    description The following security fixes are fixed in this update: command injection (CVE-2014-2528) with patch from upstream (bnc#868682)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 77133
    published 2014-08-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77133
    title openSUSE Security Update : kdirstat (openSUSE-SU-2014:0984-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-4121.NASL
    description Fix CVE-2014-2527. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 73258
    published 2014-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73258
    title Fedora 19 : k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc19 (2014-4121)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-4135.NASL
    description Fix CVE-2014-2527. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 73259
    published 2014-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=73259
    title Fedora 20 : k4dirstat-2.7.0-0.14.20101010git6c0a9e6.fc20 (2014-4135)
refmap via4
confirm
mlist
  • [oss-security] 20140317 CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution
  • [oss-security] 20140318 Re: CVE request: kdirstat, insufficient quote escaping leading to arbitrary command execution
suse openSUSE-SU-2014:0984
Last major update 27-08-2014 - 11:24
Published 26-08-2014 - 10:55
Last modified 30-10-2018 - 12:27