  #1  
Old 12-02-18, 18:47
Madeline Madeline is offline
Top contributor
 
Join Date: Jan 2004
Location: Cymru
Posts: 49,611
Uh-oh. How just inserting a USB drive can pwn a Linux box

A report from Graham Cluley on Bitdefender's HOTforSecurity site:

Uh-oh. How just inserting a USB drive can pwn a Linux box – HOTforSecurity

Apparently this is similar to the Stuxnet worm which exploited a zero-day vulnerability in Windows back in 2010. MS wasn't overwhelmingly successful in dealing with it and it returned for another go in 2015! As Graham Cluley says:
Quote:
Let’s hope KDE Plasma has better luck than Microsoft.
__________________
"I'm Irish. We think sideways." Spike Milligan. 1918 - 2002
  #2  
Old 12-02-18, 22:08
Madeline Madeline is offline
Top contributor
 
Join Date: Jan 2004
Location: Cymru
Posts: 49,611
Re: Uh-oh. How just inserting a USB drive can pwn a Linux box

Another report, this time from Bleeping Computer:

It's 2018 and You Can Still p0wn Your Linux Box by Plugging in a USB Stick
Quote:
Linux users running KDE Plasma desktop environments need to apply patches to fix a bug that can lead to malicious code execution every time a user mounts a USB thumb drive on his computer.

The KDE Plasma team has released versions 5.8.9 and 5.12.0 to address the issue, tracked as CVE-2018-6791 and categorized as an "arbitrary command execution" vulnerability.
__________________
"I'm Irish. We think sideways." Spike Milligan. 1918 - 2002
  #3  
Old 12-02-18, 22:42
Madeline Madeline is offline
Top contributor
 
Join Date: Jan 2004
Location: Cymru
Posts: 49,611
Re: Uh-oh. How just inserting a USB drive can pwn a Linux box

From The Register:

Until last week, you could pwn KDE Linux desktop with a USB stick • The Register
Quote:
Tweak VFAT volume to execute arbitrary code

A recently resolved flaw in the KDE Linux desktop environment meant that files held on a USB stick could be executed as soon as they were plugged into a vulnerable device.

The security howler created a means to execute arbitrary code on KDE by simply naming a pendrive VFAT volume $() or similar, as explained in this advisory (extract below) put out late last week:
__________________
"I'm Irish. We think sideways." Spike Milligan. 1918 - 2002
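The Register excerpt quoted in post #3 says that naming a VFAT volume $() or similar led to code execution. As an added example (not part of the thread and not KDE Plasma's code), the shell sketch below shows the general bug class beside its hardened form, on the assumption that a mount handler pastes the volume label into a shell command string; the function names and the sample label are constructed for illustration.

```shell
#!/bin/sh
# Added illustration of the bug class: a removable-volume label reaching a
# shell command line. Generic sketch under the stated assumption; this is
# NOT KDE Plasma's code.

# Constructed sample label; its payload only echoes a marker string.
SAMPLE_LABEL='$(echo INJECTED)'

# Vulnerable pattern: the label is pasted into a command string that a shell
# then parses, so $() or backticks inside the label are evaluated.
notify_unsafe() {
    sh -c "printf '%s\n' \"Mounted volume: $1\""
}

# Hardened pattern: the command text is fixed; the label travels as a
# positional argument and is only ever expanded as data.
notify_safe() {
    sh -c 'printf "%s\n" "Mounted volume: $1"' sh "$1"
}

# Defence in depth: flag labels carrying shell metacharacters before any
# handler sees them. Returns 0 (true) when the label looks suspicious.
label_is_suspicious() {
    case $1 in
        *'$'*|*'`'*|*';'*|*'|'*|*'&'*|*'<'*|*'>'*) return 0 ;;
        *) return 1 ;;
    esac
}

# Side-by-side output for the constructed label.
printf 'unsafe: %s\n' "$(notify_unsafe "$SAMPLE_LABEL")"
printf 'safe:   %s\n' "$(notify_safe "$SAMPLE_LABEL")"
```

The unsafe line prints the marker because the inner shell ran the substitution; the safe line prints the label verbatim.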
  #4  
Old 15-02-18, 17:27
Joe-King Joe-King is offline
Enthusiastic contributor
 
Join Date: Oct 2017
Location: Eastbourne, Sussex
Posts: 343
Re: Uh-oh. How just inserting a USB drive can pwn a Linux box

I've suddenly started seeing pwn on a few threads here. What does it mean?

Thanks for the warning, btw.
__________________
.
Ubuntu 12.04, 64-bit. i7 processor. Asus P6X58D-E motherboard. 6GB RAM. 1TB HD + 750 GB HD.
  #5  
Old 15-02-18, 17:50
Madeline Madeline is offline
Top contributor
 
Join Date: Jan 2004
Location: Cymru
Posts: 49,611
Re: Uh-oh. How just inserting a USB drive can pwn a Linux box

Quote:
I've suddenly started seeing pwn on a few threads here. What does it mean?
Pwn - Wikiwand

What Does "pwned" Mean?

A useful site where you can check whether your email has been pwned:

Have I been pwned? Check if your email has been compromised in a data breach

On the same site, you can also check whether your password has been pwned:

Have I been pwned? Pwned Passwords
__________________
"I'm Irish. We think sideways." Spike Milligan. 1918 - 2002
All times are GMT.