CVE-2020-27187

Source
Severity High
Remote No
Type Privilege escalation
Description
The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab and execute mount and other partitioning-related commands while KDE Partition Manager is running. The mount command can then be used to gain full root privileges.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1253 | kpmcore | 4.1.0-1 | 4.2.0-1 | High | Fixed | |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 18 Oct 2020 | ASA-202010-8 | AVG-1253 | kpmcore | High | privilege escalation |
References
https://kde.org/info/security/advisory-20201017-1.txt
https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed
https://invent.kde.org/system/kpmcore/-/commit/7ec4b611dcf822439b081613cca4184689266454