CVE-2020-27187
PUBLISHED
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning-related commands, while KDE Partition Manager is running. The mount command can then be used to gain full root privileges.
Risk Scores
EPSS Score: 0.05% (15.8th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | kpmcore | 3.3.0-2ubuntu1, 3.1.2-1, 3.2.0-2 |
| Ubuntu:20.04:LTS | kpmcore | 3.3.0-5, 4.0.1-2, 4.1.0-0ubuntu1 |
Timeline
- Oct 26, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 7, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-27187 third-party-advisory
- https://kde.org/info/security/advisory-20201017-1.txt third-party-advisory
- https://invent.kde.org/system/kpmcore/-/commit/c466c5db11b5cee546d1ec0594c2f1105a354fed third-party-advisory
- https://invent.kde.org/system/kpmcore/-/commit/7ec4b611dcf822439b081613cca4184689266454 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1890199 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-27187 third-party-advisory