GLSA-201406-15 : KDirStat: Arbitrary command execution
Medium Nessus Plugin ID 76066
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201406-15 (KDirStat: Arbitrary command execution).
A missing escape of an executable shell command in KDirStat can be used to insert malicious shell commands.
A local attacker could possibly execute arbitrary shell commands with the privileges of the process.
There is no known workaround at this time.
Solution
All KDirStat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=kde-misc/kdirstat-2.7.5'