Ce mail provient de l'extérieur, restons vigilants

=====================================================================

                            CERT-Renater

                Note d'Information No. 2025/VULN346

_____________________________________________________________________

DATE                : 11/06/2025

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running konsole versions prior to 25.04.2.

=====================================================================
https://kde.org/info/security/advisory-20250609-1.txt
_____________________________________________________________________

KDE Project Security Advisory
=============================

Title:           Konsole: Incorrect telnet scheme handling
Risk rating:     Critical
CVE:             CVE-2025-49091
Versions:        Konsole < 25.04.2
Date:            09 June 2025

Overview
========

Konsole supports loading URLs from the scheme handlers such as
telnet://URL. This can be executed regardless of whether the telnet
binary is available.

In this mode konsole had a path where if telnet was not available it
would fall back to using bash for the given arguments provided; which
is the URL provided. This allows an attacker to execute arbitrary
code.

Browsers typically provide a prompt when a user opens an external
scheme handler which would look suspicious, requiring user interaction
to be exploitable.

Impact
======

An attacker could trick a user into executing arbitrary code with a
malicious link and social engineering to make them accept it.

Workaround
==========

Install the telnet client, or delete the file:
/usr/share/applications/ktelnetservice6.desktop

Solution
========

Upgrade to konsole 25.04.2

Or apply the following patch:
http://commits.kde.org/konsole/39ffddb77763a32bc3f039514265506c6be73d48


Credits
=======

Thanks to Dennis Dast (proofnet GmbH) for reporting this issue.
Thanks to Kurt Hindenburg for fixing the issue.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================