Vulnerability Details : CVE-2017-8849
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
Vulnerability category: Input validation
Products affected by CVE-2017-8849
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:smb4k_project:smb4k:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8849
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8849
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C | 3.9 | 10.0 | NIST | |
7.8 | HIGH | CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2017-8849
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8849
- http://www.securityfocus.com/bid/98737
  Juju CVE-2017-8849 Local Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- http://www.openwall.com/lists/oss-security/2017/05/10/3
  oss-security - generic kde LPE (Exploit; Mailing List; Patch; Third Party Advisory)
- https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e
  smb4k.git - The advanced network neighborhood browser and Samba share mounting utility by KDE. (Patch; Third Party Advisory)
- http://www.securityfocus.com/bid/98690
  Smb4K CVE-2017-8849 Local Privilege Escalation Vulnerability (Third Party Advisory; VDB Entry)
- http://www.debian.org/security/2017/dsa-3951
  Debian -- Security Information -- DSA-3951-1 smb4k (Third Party Advisory)
- https://www.exploit-db.com/exploits/42053/
  KDE 4/5 - 'KAuth' Local Privilege Escalation (Exploit; Third Party Advisory; VDB Entry)
- https://www.kde.org/info/security/advisory-20170510-2.txt
  (Third Party Advisory)
- https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce
  smb4k.git - The advanced network neighborhood browser and Samba share mounting utility by KDE. (Patch; Third Party Advisory)
- https://security.gentoo.org/glsa/201705-14
  Smb4K: Arbitrary command execution as root (GLSA 201705-14) — Gentoo security (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=1449656
  1449656 – (CVE-2017-8849) CVE-2017-8849 smb4k: unauthorized local command execution as root (Issue Tracking; Patch; Third Party Advisory; VDB Entry)