CVE-2017-8849

Upstream information

CVE-2017-8849 at MITRE

Description

smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.

---

SUSE information

CVSS v2 Scores

	National Vulnerability Database
Base Score	7.15
Vector	AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector	Local
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	Complete
Availability Impact	Complete

CVSS v3 Scores

	National Vulnerability Database
Base Score	7.8
Vector	AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Access Vector	Local
Access Complexity	Low
Privileges Required	Low
User Interaction	None
Scope	Unchanged
Confidentiality Impact	High
Integrity Impact	High
Availability Impact	High

SUSE Bugzilla entries: 1033300 [RESOLVED / ], 1036245 [RESOLVED / ], 1041511 [RESOLVED / ], 749065 [RESOLVED / ], 869959 [RESOLVED / ]

SUSE Security Advisories:

• openSUSE-SU-2017:1343-1, published Thu, 18 May 2017 21:11:51 +0200 (CEST)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Leap 42.2	smb4k >= 1.2.1-3.3.1 smb4k-debuginfo >= 1.2.1-3.3.1 smb4k-debugsource >= 1.2.1-3.3.1 smb4k-doc >= 1.2.1-3.3.1 smb4k-lang >= 1.2.1-3.3.1	Patchnames: openSUSE-2017-595