7.8
CVE-2017-8849
- EPSS 1.95%
- Veröffentlicht 17.05.2017 14:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
- CVE-Watchlists
- Unerledigt
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Smb4k Project ≫ Smb4k Version <= 2.0.0
Debian ≫ Debian Linux Version8.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.95% | 0.776 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://www.openwall.com/lists/oss-security/2017/05/10/3
https://www.exploit-db.com/exploits/42053/
http://www.debian.org/security/2017/dsa-3951
http://www.securityfocus.com/bid/98690
http://www.securityfocus.com/bid/98737
https://bugzilla.redhat.com/show_bug.cgi?id=1449656
https://cgit.kde.org/smb4k.git/commit/?id=71554140bdaede27b95dbe4c9b5a028a83c83cce
https://cgit.kde.org/smb4k.git/commit/?id=a90289b0962663bc1d247bbbd31b9e65b2ca000e
https://security.gentoo.org/glsa/201705-14
https://www.kde.org/info/security/advisory-20170510-2.txt