CVE-2017-8849 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Privilege escalation
Description	Smb4k <= 2.0.0 contains a logic flaw in which mount helper binary does not properly verify the mount command it is being asked to run. This allows calling any other binary as root since the mount helper is typically installed as suid.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-268	smb4k	2.0.0-1	2.0.0-2	High	Fixed

Date	Advisory	Group	Package	Severity	Type
10 May 2017	ASA-201705-11	AVG-268	smb4k	High	privilege escalation

References
https://www.kde.org/info/security/advisory-20170510-2.txt http://seclists.org/oss-sec/2017/q2/240 https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e