CVE-2017-8849

NameCVE-2017-8849
Descriptionsmb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDLA-1002-1, DSA-3951-1
Debian Bugs862505

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
smb4k (PTS)bullseye3.0.7-1fixed
bookworm3.1.7-1fixed
trixie, sid4.0.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
smb4ksourcewheezy1.2.1-2~deb7u1DLA-1002-1
smb4ksourcejessie1.2.1-2~deb8u1DSA-3951-1
smb4ksource(unstable)1.2.1-2862505

Notes

https://www.openwall.com/lists/oss-security/2017/05/10/3
https://www.kde.org/info/security/advisory-20170510-2.txt
https://github.com/stealth/plasmapulsar
smb4k 2.0.0: https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
smb4k 1.2.3: https://commits.kde.org/smb4k/71554140bdaede27b95dbe4c9b5a028a83c83cce
Search for package or bug name: Reporting problems