Vulnerabilities > CVE-2020-27187 - Unspecified vulnerability in KDE Partition Manager 4.1.0

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

kde

NVD

Published: 2020-10-26

Updated: 2022-04-28

Summary

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.

Vulnerable Configurations

Part	Description	Count
Application	Kde KDE Partition Manager 4.1.0	1

References

https://kde.org/info/security/advisory-20201017-1.txt
https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0
https://bugzilla.redhat.com/show_bug.cgi?id=1890199
https://security.gentoo.org/glsa/202011-03