Unrated severity · NVD Advisory · Published Oct 26, 2020 · Updated Aug 4, 2024
CVE-2020-27187
Description
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning-related commands, while KDE Partition Manager is running. The mount command can then be used to gain full root privileges.
Affected products
- KDE/Partition Manager
- Range: >=4.1.0, <4.2.0
References
- security.gentoo.org/glsa/202011-03 (mitre; vendor-advisory; x_refsource_GENTOO)
- bugzilla.redhat.com/show_bug.cgi (mitre; x_refsource_MISC)
- github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0 (mitre; x_refsource_MISC)
- kde.org/info/security/advisory-20201017-1.txt (mitre; x_refsource_CONFIRM)