Lucene search
Veracode Vulnerability DatabaseVERACODE:30199HistoryApr 29, 2021 - 10:18 a.m.
Privilege Escalation
2021-04-2910:18:13
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.0004 Low
EPSS
Percentile
5.1%
kpmcore is vulnerable to privilege escalation. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute the mount command to gain root privileges.
References
bugzilla.redhat.com/show_bug.cgi?id=1890199
github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0
kde.org/info/security/advisory-20201017-1.txt
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/v3.12/community.yaml
secdb.alpinelinux.org/v3.13/community.yaml
security.gentoo.org/glsa/202011-03
Related
openvas
openvas
Fedora: Security Advisory for kde-partitionmanager (FEDORA-2020-73471e6414)
2020-10-24 00:00:00
Fedora: Security Advisory for kpmcore (FEDORA-2020-73471e6414)
2020-10-24 00:00:00
Fedora: Security Advisory for calamares (FEDORA-2020-73471e6414)
2020-10-24 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: kpmcore-4.2.0-1.fc33
2020-10-23 22:27:01
[SECURITY] Fedora 33 Update: kde-partitionmanager-4.2.0-1.fc33
2020-10-23 22:27:01
[SECURITY] Fedora 33 Update: calamares-3.2.11-14.fc33
2020-10-23 22:27:00
ubuntucve
ubuntucve
CVE-2020-27187
2020-10-26 00:00:00
cve
cve
CVE-2020-27187
2020-10-26 17:15:12
gentoo
gentoo
KPMCore: Root privilege escalation
2020-11-03 00:00:00
archlinux
archlinux
[ASA-202010-8] kpmcore: privilege escalation
2020-10-18 00:00:00
osv
osv
CVE-2020-27187
2020-10-26 17:15:12
cvelist
cvelist
CVE-2020-27187
2020-10-26 16:19:47
nessus
nessus
Fedora 33 : calamares / kde-partitionmanager / kpmcore (2020-73471e6414)
2020-10-26 00:00:00
GLSA-202011-03 : KPMCore: Root privilege escalation
2020-11-03 00:00:00
debiancve
debiancve
CVE-2020-27187
2020-10-26 17:15:12
nvd
nvd
CVE-2020-27187
2020-10-26 17:15:12
prion
prion
Design/Logic Flaw
2020-10-26 17:15:00
alpinelinux
alpinelinux
CVE-2020-27187
2020-10-26 17:15:12