CVE-2017-8849

Source
Severity High
Remote No
Type Privilege escalation
Description
Smb4k <= 2.0.0 contains a logic flaw in which mount helper binary does not properly verify the mount command it is being asked to run. This allows calling any other binary as root since the mount helper is typically installed as suid.
Group Package Affected Fixed Severity Status Ticket
AVG-268 smb4k 2.0.0-1 2.0.0-2 High Fixed
Date Advisory Group Package Severity Description
10 May 2017 ASA-201705-11 AVG-268 smb4k High privilege escalation
References
https://www.kde.org/info/security/advisory-20170510-2.txt
http://seclists.org/oss-sec/2017/q2/240
https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e