CVE-2020-27187
https://notcve.org/view.php?id=CVE-2020-27187
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges. Se detectó un problema en KDE Partition Manager versiones 4.1.0 anteriores a 4.2.0. El asistente kpmcore_externalcommand contiene un fallo lógico en el que el servicio que invoca D-Bus no es apropiadamente comprobado. • https://bugzilla.redhat.com/show_bug.cgi?id=1890199 https://github.com/KDE/partitionmanager/compare/v4.1.0...v4.2.0 https://kde.org/info/security/advisory-20201017-1.txt https://security.gentoo.org/glsa/202011-03 •