Search
Find a vulnerability
Search criteria
2 vulnerabilities found for partition_manager by kde
CVE-2020-27187 (GCVE-0-2020-27187)
Vulnerability from nvd – Published: 2020-10-26 16:19 – Updated: 2024-08-04 16:11
VLAI
Summary
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/KDE/partitionmanager/compare/v… | x_refsource_MISC |
| https://kde.org/info/security/advisory-20201017-1.txt | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1890199 | x_refsource_MISC |
| https://security.gentoo.org/glsa/202011-03 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:35.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kde.org/info/security/advisory-20201017-1.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890199"
},
{
"name": "GLSA-202011-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-03T02:06:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kde.org/info/security/advisory-20201017-1.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890199"
},
{
"name": "GLSA-202011-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0",
"refsource": "MISC",
"url": "https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0"
},
{
"name": "https://kde.org/info/security/advisory-20201017-1.txt",
"refsource": "CONFIRM",
"url": "https://kde.org/info/security/advisory-20201017-1.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1890199",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890199"
},
{
"name": "GLSA-202011-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27187",
"datePublished": "2020-10-26T16:19:47.000Z",
"dateReserved": "2020-10-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:11:35.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-27187 (GCVE-0-2020-27187)
Vulnerability from cvelistv5 – Published: 2020-10-26 16:19 – Updated: 2024-08-04 16:11
VLAI
Summary
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/KDE/partitionmanager/compare/v… | x_refsource_MISC |
| https://kde.org/info/security/advisory-20201017-1.txt | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=1890199 | x_refsource_MISC |
| https://security.gentoo.org/glsa/202011-03 | vendor-advisoryx_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T16:11:35.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://kde.org/info/security/advisory-20201017-1.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890199"
},
{
"name": "GLSA-202011-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202011-03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-03T02:06:32.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://kde.org/info/security/advisory-20201017-1.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890199"
},
{
"name": "GLSA-202011-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202011-03"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-27187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0",
"refsource": "MISC",
"url": "https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0"
},
{
"name": "https://kde.org/info/security/advisory-20201017-1.txt",
"refsource": "CONFIRM",
"url": "https://kde.org/info/security/advisory-20201017-1.txt"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1890199",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890199"
},
{
"name": "GLSA-202011-03",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202011-03"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-27187",
"datePublished": "2020-10-26T16:19:47.000Z",
"dateReserved": "2020-10-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T16:11:35.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}