kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a (single quote) character in the directory name, a different vulnerability than CVE-2014-2527.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kdirstat | Kdirstat_project | 2.7.3 (including) | 2.7.3 (including) |
| Opensuse | Opensuse | 13.1 (including) | 13.1 (including) |
| K4dirstat | Ubuntu | artful | * |
| K4dirstat | Ubuntu | precise | * |
| K4dirstat | Ubuntu | quantal | * |
| K4dirstat | Ubuntu | saucy | * |
| K4dirstat | Ubuntu | trusty | * |
| K4dirstat | Ubuntu | utopic | * |
| K4dirstat | Ubuntu | vivid | * |
| K4dirstat | Ubuntu | wily | * |
| K4dirstat | Ubuntu | yakkety | * |
| K4dirstat | Ubuntu | zesty | * |
| Kdirstat | Ubuntu | lucid | * |
References
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00015.html
- http://www.openwall.com/lists/oss-security/2014/03/17/2
- http://www.openwall.com/lists/oss-security/2014/03/18/2
- https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659
- http://lists.opensuse.org/opensuse-updates/2014-08/msg00015.html
- http://www.openwall.com/lists/oss-security/2014/03/17/2
- http://www.openwall.com/lists/oss-security/2014/03/18/2
- https://bitbucket.org/jeromerobert/k4dirstat/commits/1ad2e96d73fa06cd9be0f3749b337c03575016aa#chg-src/kcleanup.cpp
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=741659