A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-updates/2016-10/msg00031.html | Third Party Advisory |
http://lists.opensuse.org/opensuse-updates/2016-10/msg00034.html | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/09/29/7 | Patch Third Party Advisory VDB Entry |
http://www.securityfocus.com/bid/93224 | Third Party Advisory VDB Entry |
Configurations
History
No history.
Information
Published : 2016-12-23 22:59
Updated : 2024-02-28 15:44
NVD link : CVE-2016-7787
Mitre link : CVE-2016-7787
CVE.ORG link : CVE-2016-7787
JSON object : View
Products Affected
opensuse
- opensuse
- leap
kde
- kde-cli-tools
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')