A serious vulnerability existed in the KDE Archive Tool primarily meant for Linux. Exploiting this flaw could let an attacker take complete control of Linux accounts.
KDE Archive Tool Vulnerability
Recently, a serious KDE Archive Tool vulnerability has surfaced online.
KDE is a dedicated open-source community offering various tools and apps for Unix, Linux, Windows, and Android. One such popular platform is Plasma Desktop – a Linux desktop environment providing graphical user interface to various Linux distributions.
Referred here is a flaw in the KDE archive utility Ark that could result in Linux account takeovers.
The bug first caught the attention of security researcher Dominik Penner. According to Bleeping Computer, the researcher caught a path traversal vulnerability in the ARK utility. This flaw could allow remote code execution by an adversary.
To exploit the bug, an attacker would simply have to lure the victim to open a maliciously crafted archive. Once opened, the included malware would automatically execute to perform the intended activities. This may range from installing cryptominers and trojans to ransomware attacks and backdoor implants.
The vulnerability is particularly crucial given that Ark is the default archive extractor for most Linux distros.
Following the researcher’s discovery of the vulnerability, KDE released the patch for the tool. According to KDE’s advisory, the vulnerability, CVE-2020-16116, achieved an important severity rating, for which, a PoC is available here.
KDE has patched the flaw with the release of Ark 20.08.0 that prevents the loading of malicious archives. Whereas, they have proposed the following workaround as well.
Users should not use the ‘Extract’ context menu from the Dolphin file manager. Before extracting a downloaded archive using the Ark GUI, users should inspect it to make sure it doesn’t contain entries with “../” in the file path.
Moreover, users can also apply this alternative fix to previous releases.
Let us know your thoughts in the comments.