Vulnerabilities > CVE-2020-27187 - Unspecified vulnerability in KDE Partition Manager 4.1.0
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
References
- https://bugzilla.redhat.com/show_bug.cgi?id=1890199
- https://bugzilla.redhat.com/show_bug.cgi?id=1890199
- https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0
- https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0
- https://kde.org/info/security/advisory-20201017-1.txt
- https://kde.org/info/security/advisory-20201017-1.txt
- https://security.gentoo.org/glsa/202011-03
- https://security.gentoo.org/glsa/202011-03