| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Privilege escalation |
|
| Description |
| + |
kpmcore_externalcommand helper contains a logic flaw in which the service invoking dbus is not properly checked. An attacker on your local machine can replace /etc/fstab, execute mount and other partitioning related commands while KDE Partition Manager is running. mount command can then be used to gain full root privileges. |
|
| References |
| + |
https://kde.org/info/security/advisory-20201017-1.txt |
| + |
https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed |
| + |
https://invent.kde.org/system/kpmcore/-/commit/7ec4b611dcf822439b081613cca4184689266454 |
|
| Notes |
|