CVE-2018-10900 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Severity

72%

Complexity

39%

Confidentiality

165%

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.

CVSS 3.0 Base Score 7.8. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

CVSS 2.0 Base Score 7.2. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:C/I:C/A:C).

Overview

Type

Debian Linux

First reported 6 years ago

2018-07-26 15:29:00

Last updated 5 years ago

2019-10-03 00:03:00

Affected Software

Debian Linux 8.0 (Jessie)

8.0

Debian Linux 9.0

9.0

References

https://bugzilla.novell.com/show_bug.cgi?id=1101147

Exploit, Issue Tracking, Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10900

Issue Tracking, Patch, Third Party Advisory

https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news

Third Party Advisory, Vendor Advisory

https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4

Patch, Third Party Advisory, Vendor Advisory

[debian-lts-announce] 20180731 [SECURITY] [DLA 1454-1] network-manager-vpnc security update

Third Party Advisory

https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc

Exploit, Third Party Advisory

GLSA-201808-03

DSA-4253