Severity |
|
Remote |
|
Type |
- |
Unknown |
+ |
Arbitrary code execution |
|
Description |
+ |
Several issues have been found in kdeconnect <= 20.08.1 where a remote, unauthenticated attacker on the local network can access sensitive information, crash the daemon or possibly execute arbitrary code via a use-after-free. |
|
References |
+ |
https://www.openwall.com/lists/oss-security/2020/10/13/4 |
+ |
https://kde.org/info/security/advisory-20201002-1.txt |
|
Notes |
+ |
Workaround |
+ |
========== |
+ |
|
+ |
We advise you to stop KDE Connect when on untrusted networks like those on airports or conferences. |
+ |
|
+ |
Since kdeconnect is dbus activated it is relatively hard to make sure it stays stopped so the brute |
+ |
force approach is to uninstall the kdeconnect package from your system and then run |
+ |
kquitapp5 kdeconnectd |
+ |
Just install the package again once you're back in a trusted network. |
|
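Review bot: the Notes text gives only the workaround (uninstall the package, then run kquitapp5 kdeconnectd) and never says when it stops being necessary. The Description names kdeconnect <= 20.08.1 as affected, so the note should add one line saying the workaround applies until a release newer than 20.08.1 is installed, and point to the kde.org advisory already listed under References for the fix.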