Code execution from web browser using URL schemes handled by KDE's KTelnetService and Konsole (CVE-2025-49091)
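KDE's terminal emulator Konsole has a vulnerability (versions < 25.04.2) that affects systems where KTelnetService is also installed but telnet/rlogin/ssh are not. A remote attacker can execute code from the user's browser via specific URL schemes (such as telnet://). 2025-6-10 17:46:20 Author: www.reddit.com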


This issue affects systems where KTelnetService and a vulnerable version of Konsole are installed but at least one of the programs telnet, rlogin or ssh is not installed. The vulnerability is in KDE's terminal emulator Konsole. As stated in the advisory by KDE, Konsole versions < 25.04.2 are vulnerable.

On vulnerable systems remote code execution from a visited website is possible if the user allows loading of certain URL schemes (telnet://, rlogin:// or ssh://) in their web browser. Depending on the web browser and configuration this, e.g., means accepting a prompt in the browser.
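
The three conditions described above can be turned into a local exposure check. This is an added example, not part of the original post or KDE's advisory; the helper binary names `ktelnetservice5`/`ktelnetservice6` and the use of `konsole --version` to read the version are assumptions to adjust for your distribution.

```python
import re
import shutil
import subprocess

FIXED = (25, 4, 2)                      # page: Konsole versions < 25.04.2 are vulnerable
HANDLERS = ("telnet", "rlogin", "ssh")  # page: exposure needs at least one of these missing
# Assumption: helper binary names, not given on the page; adjust for your distribution.
KTELNET_NAMES = ("ktelnetservice5", "ktelnetservice6")


def parse_version(text):
    """Return the first dotted version in text (e.g. 'konsole 25.04.1') as an int tuple."""
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    return tuple(int(g or 0) for g in m.groups()) if m else None


def assess(konsole_version, ktelnetservice_present, installed):
    """Apply the advisory's three conditions; returns (status, missing_handlers)."""
    missing = [p for p in HANDLERS if p not in installed]
    if not ktelnetservice_present or not missing:
        return "not exposed", missing
    if konsole_version is None:
        return "unknown", missing   # Konsole absent or version unreadable: check by hand
    if konsole_version >= FIXED:
        return "not exposed", missing
    return "exposed", missing


def collect():
    """Gather the three facts from the local machine (PATH lookups only)."""
    version = None
    if shutil.which("konsole"):
        try:
            out = subprocess.run(["konsole", "--version"], capture_output=True,
                                 text=True, timeout=10).stdout
            version = parse_version(out)
        except (OSError, subprocess.SubprocessError):
            pass
    present = any(shutil.which(n) for n in KTELNET_NAMES)
    installed = {p for p in HANDLERS if shutil.which(p)}
    return version, present, installed


if __name__ == "__main__":
    status, missing = assess(*collect())
    print(f"CVE-2025-49091 exposure: {status}; missing handlers: {missing or 'none'}")
```

An "unknown" result means the KTelnetService and missing-handler conditions hold but no Konsole version could be read, so the version has to be confirmed through the package manager.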


Source: https://www.reddit.com/r/netsec/comments/1l858l1/code_execution_from_web_browser_using_url_schemes/