An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper     contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the     local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE     Partition Manager is running. the mount command can then be used to gain full root privileges.
    (CVE-2020-27187)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote host is affected by the vulnerability described in GLSA-202011-03 (KPMCore: Root privilege escalation)

    Improper checks on the D-Bus request received resulted in improper       protection for /etc/fstab.
  Impact :

    An attacker could esclate privileges to root by exploiting this       vulnerability.
  Workaround :

    There is no known workaround at this time.

Update kpmcore to 4.2.0 and rebuild all dependent packages.

This update also fixes CVE-2020-27187.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
256892	Linux Distros Unpatched Vulnerability : CVE-2020-27187	Nessus	Misc.	high
142239	GLSA-202011-03 : KPMCore: Root privilege escalation	Nessus	Gentoo Local Security Checks	high
141894	Fedora 33 : calamares / kde-partitionmanager / kpmcore (2020-73471e6414)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2020-27187

high

Tenable Plugins

high

high

high