smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
| Link | Tags |
|---|---|
| https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e | third party advisory patch |
| https://www.exploit-db.com/exploits/42053/ | exploit vdb entry third party advisory |
| https://bugzilla.redhat.com/show_bug.cgi?id=1449656 | issue tracking patch vdb entry third party advisory |
| http://www.debian.org/security/2017/dsa-3951 | third party advisory vendor advisory |
| https://security.gentoo.org/glsa/201705-14 | third party advisory vendor advisory |
| https://www.kde.org/info/security/advisory-20170510-2.txt | third party advisory |
| https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce | third party advisory patch |
| http://www.securityfocus.com/bid/98690 | vdb entry third party advisory |
| http://www.openwall.com/lists/oss-security/2017/05/10/3 | mailing list patch exploit third party advisory |
| http://www.securityfocus.com/bid/98737 | vdb entry third party advisory |