CVE-2018-10900 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-10900 Interim 1 13 2022-06-11T00:52:48Z current 2021-05-30T14:13:05Z 2022-06-11T00:52:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-10900 Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-August/004399.html E-Mail link for SUSE-SU-2018:2297-1 https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00044.html E-Mail link for openSUSE-SU-2018:2307-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP3 openSUSE Leap 15.2 openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Tumbleweed NetworkManager-vpnc-1.0.8-8.4.2 NetworkManager-vpnc-1.2.6-4.1 NetworkManager-vpnc-1.2.6-bp154.2.68 NetworkManager-vpnc-1.2.6-lp152.2.6 NetworkManager-vpnc-1.2.6-lp153.1.31 NetworkManager-vpnc-gnome-1.0.8-8.4.2 NetworkManager-vpnc-gnome-1.2.6-4.1 NetworkManager-vpnc-gnome-1.2.6-bp154.2.68 NetworkManager-vpnc-gnome-1.2.6-lp152.2.6 NetworkManager-vpnc-gnome-1.2.6-lp153.1.31 NetworkManager-vpnc-lang-1.0.8-8.4.2 NetworkManager-vpnc-lang-1.2.6-4.1 NetworkManager-vpnc-lang-1.2.6-bp154.2.68 NetworkManager-vpnc-lang-1.2.6-lp152.2.6 NetworkManager-vpnc-lang-1.2.6-lp153.1.31 NetworkManager-vpnc-1.0.8-8.4.2 as a component of SUSE Linux Enterprise Desktop 12 SP3 NetworkManager-vpnc-gnome-1.0.8-8.4.2 as a component of SUSE Linux Enterprise Desktop 12 SP3 NetworkManager-vpnc-lang-1.0.8-8.4.2 as a component of SUSE Linux Enterprise Desktop 12 SP3 NetworkManager-vpnc-1.0.8-8.4.2 as a component of SUSE Linux Enterprise Workstation Extension 12 SP3 NetworkManager-vpnc-gnome-1.0.8-8.4.2 as a component of SUSE Linux Enterprise Workstation Extension 12 SP3 NetworkManager-vpnc-lang-1.0.8-8.4.2 as a component of SUSE Linux Enterprise Workstation Extension 12 SP3 NetworkManager-vpnc-1.2.6-lp152.2.6 as a component of openSUSE Leap 15.2 NetworkManager-vpnc-gnome-1.2.6-lp152.2.6 as a component of openSUSE Leap 15.2 NetworkManager-vpnc-lang-1.2.6-lp152.2.6 as a component of openSUSE Leap 15.2 NetworkManager-vpnc-1.2.6-lp153.1.31 as a component of openSUSE Leap 15.3 NetworkManager-vpnc-gnome-1.2.6-lp153.1.31 as a component of openSUSE Leap 15.3 NetworkManager-vpnc-lang-1.2.6-lp153.1.31 as a component of openSUSE Leap 15.3 NetworkManager-vpnc-1.2.6-bp154.2.68 as a component of openSUSE Leap 15.4 NetworkManager-vpnc-gnome-1.2.6-bp154.2.68 as a component of openSUSE Leap 15.4 NetworkManager-vpnc-lang-1.2.6-bp154.2.68 as a component of openSUSE Leap 15.4 NetworkManager-vpnc-1.2.6-4.1 as a component of openSUSE Tumbleweed NetworkManager-vpnc-gnome-1.2.6-4.1 as a component of openSUSE Tumbleweed NetworkManager-vpnc-lang-1.2.6-4.1 as a component of openSUSE Tumbleweed Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root. CVE-2018-10900 SUSE Linux Enterprise Desktop 12 SP3:NetworkManager-vpnc-1.0.8-8.4.2 SUSE Linux Enterprise Desktop 12 SP3:NetworkManager-vpnc-gnome-1.0.8-8.4.2 SUSE Linux Enterprise Desktop 12 SP3:NetworkManager-vpnc-lang-1.0.8-8.4.2 SUSE Linux Enterprise Workstation Extension 12 SP3:NetworkManager-vpnc-1.0.8-8.4.2 SUSE Linux Enterprise Workstation Extension 12 SP3:NetworkManager-vpnc-gnome-1.0.8-8.4.2 SUSE Linux Enterprise Workstation Extension 12 SP3:NetworkManager-vpnc-lang-1.0.8-8.4.2 openSUSE Leap 15.2:NetworkManager-vpnc-1.2.6-lp152.2.6 openSUSE Leap 15.2:NetworkManager-vpnc-gnome-1.2.6-lp152.2.6 openSUSE Leap 15.2:NetworkManager-vpnc-lang-1.2.6-lp152.2.6 openSUSE Leap 15.3:NetworkManager-vpnc-1.2.6-lp153.1.31 openSUSE Leap 15.3:NetworkManager-vpnc-gnome-1.2.6-lp153.1.31 openSUSE Leap 15.3:NetworkManager-vpnc-lang-1.2.6-lp153.1.31 openSUSE Leap 15.4:NetworkManager-vpnc-1.2.6-bp154.2.68 openSUSE Leap 15.4:NetworkManager-vpnc-gnome-1.2.6-bp154.2.68 openSUSE Leap 15.4:NetworkManager-vpnc-lang-1.2.6-bp154.2.68 openSUSE Tumbleweed:NetworkManager-vpnc-1.2.6-4.1 openSUSE Tumbleweed:NetworkManager-vpnc-gnome-1.2.6-4.1 openSUSE Tumbleweed:NetworkManager-vpnc-lang-1.2.6-4.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H