CVE-2020-27187
Summary
| CVE | CVE-2020-27187 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-26 17:15:00 UTC |
| Updated | 2022-04-28 18:24:00 UTC |
| Description | An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges. |
Risk And Classification
Problem Types: NVD-CWE-noinfo
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Kde | Partition Manager | All | All | All | All |
| Application | Kde | Partition Manager | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| 1890199 – (CVE-2020-27187) CVE-2020-27187 kpmcore: kpmcore_externalcommand helper can be exploited in local privilege escalation | MISC | bugzilla.redhat.com | Issue Tracking, Vendor Advisory |
| kde.org/info/security/advisory-20201017-1.txt | CONFIRM | kde.org | Patch, Vendor Advisory |
| KPMCore: Root privilege escalation (GLSA 202011-03) — Gentoo security | GENTOO | security.gentoo.org | |
| Comparing v4.1.0...v4.2.0 · KDE/partitionmanager · GitHub | MISC | github.com | Release Notes, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.