CVE-2017-8849

NameCVE-2017-8849
Descriptionsmb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-1002-1, DSA-3951-1
NVD severityhigh (attack range: local)
Debian Bugs862505

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
smb4k (PTS)wheezy1.0.1-1vulnerable
wheezy (security)1.2.1-2~deb7u1fixed
jessie1.1.2-1vulnerable
jessie (security)1.2.1-2~deb8u1fixed
stretch1.2.1-2fixed
buster, sid2.0.2-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
smb4ksource(unstable)1.2.1-2high862505
smb4ksourcejessie1.2.1-2~deb8u1highDSA-3951-1
smb4ksourcewheezy1.2.1-2~deb7u1highDLA-1002-1

Notes

http://www.openwall.com/lists/oss-security/2017/05/10/3
https://www.kde.org/info/security/advisory-20170510-2.txt
https://github.com/stealth/plasmapulsar
smb4k 2.0.0: https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
smb4k 1.2.3: https://commits.kde.org/smb4k/71554140bdaede27b95dbe4c9b5a028a83c83cce

Search for package or bug name: Reporting problems