FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kde-runtime -- kdesu: displayed command truncated by unicode string terminator

Affected packages
kde-runtime < 4.14.3_5

Details

VuXML ID 41fe4724-06a2-11e7-8e3e-5453ed2e2b49
Discovery 2016-09-30
Entry 2017-03-11

Albert Astals Cid reports:

A maliciously crafted command line for kdesu can result in the user only seeing part of the commands that will actually get executed as super user.

References

CVE Name CVE-2016-7787
Message http://www.openwall.com/lists/oss-security/2016/09/29/7
URL https://www.kde.org/info/security/advisory-20160930-1.txt