Description: The package guake before 3.8.5 is vulnerable to Exposed Dangerous Method or Function due to the exposure of the execute_command and execute_command_by_uuid methods via the d-bus interface, which makes it possible for a malicious user to run an arbitrary command via the d-bus method. **Note:** Exploitation requires the user to have installed another malicious program that will be able to send dbus signals or run terminal commands.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| guake (PTS) | buster | 3.4.0-1 | vulnerable |
| guake (PTS) | bookworm, sid | 3.9.0-2 | fixed |

The information below is based on the following data on fixed versions.

| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|


[bullseye] - guake <no-dsa> (Minor issue)
[buster] - guake <no-dsa> (Minor issue)
[stretch] - guake <postponed> (Minor issue, unclear crossed security boundaries, no final fix yet) (3.8.2)
