A vulnerability in pidgin-knotify might allow remote attackers to execute arbitrary code.
Package | x11-plugins/pidgin-knotify on all architectures |
---|---|
Affected versions | <= 0.2.1 |
Unaffected versions |
pidgin-knotify is a Pidgin plug-in to display message notifications in KDE.
pidgin-knotify does not properly sanitize shell metacharacters from received messages.
A remote attacker could send a specially crafted instant message, possibly resulting in execution of arbitrary code with the privileges of the Pidgin process.
There is no known workaround at this time.
Gentoo has discontinued support for pidgin-knotify. We recommend that users unmerge pidgin-knotify:
# emerge --unmerge "x11-plugins/pidgin-knotify"
Release date | February 26, 2014 |
---|---|
Latest revision | February 26, 2014: 1 |
Severity | high |
Exploitable | remote |
Bugzilla entries