Oval Definition:oval:org.opensuse.security:def:201810900
Revision Date:2022-06-30Version:1
Title:CVE-2018-10900
Description:

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-10900
SUSE-SU-2018:2297-1
openSUSE-SU-2018:2307-1
Mitre CVE-2018-10900
SUSE CVE-2018-10900
SUSE-SU-2018:2297-1
openSUSE-SU-2018:2307-1
Platform(s):openSUSE Leap 15.3
openSUSE Leap 15.4
openSUSE Leap 42.3
openSUSE Tumbleweed
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP3
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • NetworkManager-vpnc-1.0.8-8.4.2 is installed
  • OR NetworkManager-vpnc-gnome-1.0.8-8.4.2 is installed
  • OR NetworkManager-vpnc-lang-1.0.8-8.4.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP3 is installed
  • AND Package Information
  • NetworkManager-vpnc-1.0.8-8.4 is installed
  • OR NetworkManager-vpnc-gnome-1.0.8-8.4 is installed
  • OR NetworkManager-vpnc-lang-1.0.8-8.4 is installed
    • Definition Synopsis
  • openSUSE Leap 42.3 is installed
  • AND Package Information
  • NetworkManager-vpnc-1.0.8-7.3 is installed
  • AND NetworkManager-vpnc is signed with openSUSE key
  • OR
  • NetworkManager-vpnc-gnome-1.0.8-7.3 is installed
  • AND NetworkManager-vpnc-gnome is signed with openSUSE key
  • OR
  • NetworkManager-vpnc-lang-1.0.8-7.3 is installed
  • AND NetworkManager-vpnc-lang is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • OR SUSE Linux Enterprise Workstation Extension 12 SP3 is installed
  • AND Package Information
  • NetworkManager-vpnc-1.0.8-8.4 is installed
  • OR NetworkManager-vpnc-gnome-1.0.8-8.4 is installed
  • OR NetworkManager-vpnc-lang-1.0.8-8.4 is installed
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • NetworkManager-vpnc-1.2.6-4.1 is installed
  • OR NetworkManager-vpnc-gnome-1.2.6-4.1 is installed
  • OR NetworkManager-vpnc-lang-1.2.6-4.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • OR SUSE Linux Enterprise Server 12 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed
  • OR SUSE Linux Enterprise Workstation Extension 12 SP3 is installed
  • AND Package Information
  • NetworkManager-vpnc-1.0.8-8.4.2 is installed
  • OR NetworkManager-vpnc-gnome-1.0.8-8.4.2 is installed
  • OR NetworkManager-vpnc-lang-1.0.8-8.4.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • NetworkManager-vpnc-1.2.6-lp153.1.31 is installed
  • AND NetworkManager-vpnc is signed with openSUSE key
  • OR
  • NetworkManager-vpnc-gnome-1.2.6-lp153.1.31 is installed
  • AND NetworkManager-vpnc-gnome is signed with openSUSE key
  • OR
  • NetworkManager-vpnc-lang-1.2.6-lp153.1.31 is installed
  • AND NetworkManager-vpnc-lang is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Leap 15.4 is installed
  • AND Package Information
  • NetworkManager-vpnc-1.2.6-bp154.2.68 is installed
  • AND NetworkManager-vpnc is signed with openSUSE key
  • OR
  • NetworkManager-vpnc-gnome-1.2.6-bp154.2.68 is installed
  • AND NetworkManager-vpnc-gnome is signed with openSUSE key
  • OR
  • NetworkManager-vpnc-lang-1.2.6-bp154.2.68 is installed
  • AND NetworkManager-vpnc-lang is signed with openSUSE key
    • BACK