CVE-2017-8849

Published: 17/05/2017 Updated: 18/03/2019
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 725
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

smb4k prior to 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.

Vulnerable Product

smb4k project smb4k

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #862505 smb4k: CVE-2017-8849. Package: src:smb4k; Maintainer for src:smb4k is Debian KDE Extras Team <pkg-kde-extras@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Sat, 13 May 2017 18:45:02 UTC; Severity: important; Tags: patch, security, upstream; Found in ...
Sebastian Krahmer discovered that a programming error in the mount helper binary of the Smb4k Samba network share browser may result in local privilege escalation. For the oldstable distribution (jessie), this problem has been fixed in version 1.2.1-2~deb8u1. We recommend that you upgrade your smb4k packages ...
Smb4k <= 2.0.0 contains a logic flaw in which the mount helper binary does not properly verify the mount command it is being asked to run. This allows calling any other binary as root since the mount helper is typically installed as suid ...

Exploits

// cc -Wall smb0k.c -pedantic -std=c11
//
// smb4k PoC, also demonstrating broader scope of a generic kde
// authentication bypass vulnerability
//
// (C) 2017 Sebastian Krahmer
//
#define _POSIX_C_SOURCE 200112L
#include <stdio.h>
#include <fcntl.h>
#include <unistd.h>
#include <stdlib.h>
#include <errno.h>
#include ...

Github Repositories

PLASMA PULSAR

PLASMA PULSAR: CVE-2017-8422, CVE-2017-8849. This document describes a generic root exploit against kde. The exploit is achieved by abusing a logic flaw within the KAuth framework which is present in kde4 (org.kde.auth) and kde5 (org.kde.kf5auth). It is possible to spoof what KAuth calls callerID's, which are indeed D-Bus unique names of the sender of a D-Bus message. Exploit