Oval Definition:	oval:org.opensuse.security:def:201810900
Revision Date: 2022-06-30 Version: 1 Title: CVE-2018-10900 Description: Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root. Family: unix Class: vulnerability Status: Reference(s): CVE-2018-10900 SUSE-SU-2018:2297-1 openSUSE-SU-2018:2307-1 Mitre CVE-2018-10900 SUSE CVE-2018-10900 SUSE-SU-2018:2297-1 openSUSE-SU-2018:2307-1 Platform(s): openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap 42.3 openSUSE Tumbleweed SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Workstation Extension 12 SP3 Product(s): Definition Synopsis SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information NetworkManager-vpnc-1.0.8-8.4.2 is installed OR NetworkManager-vpnc-gnome-1.0.8-8.4.2 is installed OR NetworkManager-vpnc-lang-1.0.8-8.4.2 is installed Definition Synopsis SUSE Linux Enterprise Workstation Extension 12 SP3 is installed AND Package Information NetworkManager-vpnc-1.0.8-8.4 is installed OR NetworkManager-vpnc-gnome-1.0.8-8.4 is installed OR NetworkManager-vpnc-lang-1.0.8-8.4 is installed Definition Synopsis openSUSE Leap 42.3 is installed AND Package Information NetworkManager-vpnc-1.0.8-7.3 is installed AND NetworkManager-vpnc is signed with openSUSE key OR NetworkManager-vpnc-gnome-1.0.8-7.3 is installed AND NetworkManager-vpnc-gnome is signed with openSUSE key OR NetworkManager-vpnc-lang-1.0.8-7.3 is installed AND NetworkManager-vpnc-lang is signed with openSUSE key Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP3 is installed OR SUSE Linux Enterprise Workstation Extension 12 SP3 is installed AND Package Information NetworkManager-vpnc-1.0.8-8.4 is installed OR NetworkManager-vpnc-gnome-1.0.8-8.4 is installed OR NetworkManager-vpnc-lang-1.0.8-8.4 is installed Definition Synopsis openSUSE Tumbleweed is installed AND Package Information NetworkManager-vpnc-1.2.6-4.1 is installed OR NetworkManager-vpnc-gnome-1.2.6-4.1 is installed OR NetworkManager-vpnc-lang-1.2.6-4.1 is installed Definition Synopsis Release Information SUSE Linux Enterprise Desktop 12 SP3 is installed OR SUSE Linux Enterprise Server 12 SP3 is installed OR SUSE Linux Enterprise Server for SAP Applications 12 SP3 is installed OR SUSE Linux Enterprise Workstation Extension 12 SP3 is installed AND Package Information NetworkManager-vpnc-1.0.8-8.4.2 is installed OR NetworkManager-vpnc-gnome-1.0.8-8.4.2 is installed OR NetworkManager-vpnc-lang-1.0.8-8.4.2 is installed Definition Synopsis openSUSE Leap 15.3 is installed AND Package Information NetworkManager-vpnc-1.2.6-lp153.1.31 is installed AND NetworkManager-vpnc is signed with openSUSE key OR NetworkManager-vpnc-gnome-1.2.6-lp153.1.31 is installed AND NetworkManager-vpnc-gnome is signed with openSUSE key OR NetworkManager-vpnc-lang-1.2.6-lp153.1.31 is installed AND NetworkManager-vpnc-lang is signed with openSUSE key Definition Synopsis openSUSE Leap 15.4 is installed AND Package Information NetworkManager-vpnc-1.2.6-bp154.2.68 is installed AND NetworkManager-vpnc is signed with openSUSE key OR NetworkManager-vpnc-gnome-1.2.6-bp154.2.68 is installed AND NetworkManager-vpnc-gnome is signed with openSUSE key OR NetworkManager-vpnc-lang-1.2.6-bp154.2.68 is installed AND NetworkManager-vpnc-lang is signed with openSUSE key
BACK