Vulnerability CVE-2017-8849: Information

Description

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.

Severity: HIGH (7.8) Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2017-8849
Published: May 17, 2017
Modified: March 18, 2019
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
kde5-smb4ksisyphus2.0.1-alt1.S13.2.5-alt1ALT-PU-2017-1634-1183141Fixed
kde5-smb4kp102.0.1-alt1.S13.2.5-alt1ALT-PU-2017-1634-1183141Fixed
kde5-smb4kp92.0.1-alt1.S13.0.6-alt1ALT-PU-2017-1634-1183141Fixed
kde5-smb4kp82.0.1-alt1.M80P.12.0.1-alt1.M80P.1ALT-PU-2017-1635-1183142Fixed
kde5-smb4kc10f12.0.1-alt1.S13.1.2-alt1ALT-PU-2017-1634-1183141Fixed
kde5-smb4kc9f22.0.1-alt1.S13.0.6-alt1ALT-PU-2017-1634-1183141Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.kde.org/info/security/advisory-20170510-2.txt
  • Third Party Advisory
https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e
  • Patch
  • Third Party Advisory
https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce
  • Patch
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1449656
  • Issue Tracking
  • Patch
  • Third Party Advisory
  • VDB Entry
[oss-security] 20170510 generic kde LPE
  • Exploit
  • Mailing List
  • Patch
  • Third Party Advisory
98737
  • Third Party Advisory
  • VDB Entry
GLSA-201705-14
  • Third Party Advisory
42053
  • Exploit
  • Third Party Advisory
  • VDB Entry
98690
  • Third Party Advisory
  • VDB Entry
DSA-3951
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:smb4k_project:smb4k:*:*:*:*:*:*:*:*
      End including
      2.0.0

      Configuration 2

      cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top