Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-27187

An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.

Related bugs and status

CVE-2020-27187 (Candidate) is related to these bugs:

Bug #1903774: kpmcore 4.1.0: CVE-2020-27187

Summary				In	Importance	Status
	1903774	kpmcore 4.1.0: CVE-2020-27187		kpmcore (Ubuntu)	Undecided	New

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://kde.org/info/s...
MISC: https://bugzilla.redha...
MISC: https://github.com/KDE...
GENTOO: GLSA-202011-03