CVE-2020-27187

Name
CVE-2020-27187
Description
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning-related commands, while KDE Partition Manager is running. The mount command can then be used to gain full root privileges.
NVD Severity
medium

References

| Type | URI |
| --- | --- |
| Patch | https://kde.org/info/security/advisory-20201017-1.txt |
| Release Notes | https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0 |
| Issue Tracking | https://bugzilla.redhat.com/show_bug.cgi?id=1890199 |
| GENTOO | https://security.gentoo.org/glsa/202011-03 |

Match rules

| CPE URI | Source package | Min version | Max version |
| --- | --- | --- | --- |
| cpe:2.3:a:kde:partition_manager:*:*:*:*:*:*:*:* | partition_manager | >= 4.1.0 | < 4.2.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
| --- | --- | --- | --- | --- |