KDE Bug Executes Arbitrary Code Based on Name of Thumb Drive
13 February 2018
This is one of the dumbest and most dangerous bugs I’ve ever heard of. From the KDE security list: When a vfat thumbdrive which contains “ or $() in its volume label is plugged and mounted trough the device notifier, it’s interpreted as a shell command, leaving a possibility of arbitrary commands execution. an example […]