CVE-2018-10900

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-10900

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10900.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-10900

Related

Published

2018-07-26T15:29:00Z

Modified

2025-04-28T03:16:24.214008Z

Downstream

SUSE-SU-2018:2297-1

openSUSE-SU-2024:10604-1

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.

References

Affected packages

Debian:11 / network-manager-vpnc

Package

Name: network-manager-vpnc
Purl: pkg:deb/debian/network-manager-vpnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / network-manager-vpnc

Package

Name: network-manager-vpnc
Purl: pkg:deb/debian/network-manager-vpnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / network-manager-vpnc

Package

Name: network-manager-vpnc
Purl: pkg:deb/debian/network-manager-vpnc?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / gitlab.freedesktop.org/NetworkManager/NetworkManager

Affected ranges

Type: GIT
Repo: https://gitlab.freedesktop.org/NetworkManager/NetworkManager
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0001318d9ffc66f003d8270ef7485f07b195616b

Type: GIT
Repo: https://gitlab.gnome.org/GNOME/NetworkManager-vpnc
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

07ac18a32b4

Fixed

07ac18a32b4

Affected versions

0.*

0.7.997

0.7.998

0.7.999

0.8

0.8-rc1

0.8-rc2

0.8-rc3

0.8.0.997

0.8.1

0.8.1-beta1

0.8.995

0.8.996

0.8.997

0.8.998

0.8.999

0.8.9997

0.9-rc2

0.9-rc3

0.9.0

0.9.0-beta1

0.9.0-beta2

0.9.0-beta3

0.9.0-rc1

0.9.1.90

0.9.1.95

0.9.10-beta1

0.9.2

0.9.2-beta1

0.9.2-rc1

0.9.2.0

0.9.3.990

0.9.3.995

0.9.3.997

0.9.4-beta1

0.9.4-rc1

0.9.4.0

0.9.5.95

0.9.5.96

0.9.6-rc1

0.9.6-rc2

0.9.6.0

0.9.7.995

0.9.8-beta1

0.9.8.0

0.9.9.1

0.9.9.95

1.*

1.1.0-dev

1.2-beta1

1.2-beta2

1.2-beta3

1.2-rc1

1.2-rc2

1.2.0

1.2.1-dev

1.2.2

1.2.3-dev

1.2.4

1.2.5-dev

1.3.0-dev