CVE-2016-7787
MEDIUMkde-cli-tools - Command Injection via kdesu Command Line Obfuscation
Title source: llmDescription
A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-10/msg00031.html
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-10/msg00034.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/93224
Patch, Third Party Advisory, VDB Entry mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2016/09/29/7
Scores
CVSS v3
4.9
EPSS
0.0054
EPSS Percentile
67.8%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-94
Status
published
Products (3)
kde/kde-cli-tools
opensuse/leap
42.1
opensuse/opensuse
13.2
Published
Dec 23, 2016
Tracked Since
Feb 18, 2026