Oval Definition:oval:org.opensuse.security:def:201812551
Revision Date:2022-06-30Version:1
Title:CVE-2018-12551
Description:

When Eclipse Mosquitto version 1.0 to 1.5.5 (inclusive) is configured to use a password file for authentication, any malformed data in the password file will be treated as valid. This typically means that the malformed data becomes a username and no password. If this occurs, clients can circumvent authentication and get access to the broker by using the malformed username. In particular, a blank line will be treated as a valid empty username. Other security measures are unaffected. Users who have only used the mosquitto_passwd utility to create and modify their password files are unaffected by this vulnerability.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2018-12551
Mitre CVE-2018-12551
SUSE CVE-2018-12551
openSUSE-SU-2019:0233-1
openSUSE-SU-2019:0237-1
Platform(s):openSUSE Leap 15.0
openSUSE Tumbleweed
SUSE Linux Enterprise High Performance Computing 15
SUSE Linux Enterprise Server 15
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Package Hub for SUSE Linux Enterprise 15
Product(s):
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 is installed
  • AND Package Information
  • libmosquitto1-1.4.15-bp150.3.3 is installed
  • OR libmosquittopp1-1.4.15-bp150.3.3 is installed
  • OR mosquitto-1.4.15-bp150.3.3 is installed
  • OR mosquitto-clients-1.4.15-bp150.3.3 is installed
  • OR mosquitto-devel-1.4.15-bp150.3.3 is installed
    • Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libmosquitto1-1.4.15-lp150.2.3 is installed
  • AND libmosquitto1 is signed with openSUSE key
  • OR
  • libmosquittopp1-1.4.15-lp150.2.3 is installed
  • AND libmosquittopp1 is signed with openSUSE key
  • OR
  • mosquitto-1.4.15-lp150.2.3 is installed
  • AND mosquitto is signed with openSUSE key
  • OR
  • mosquitto-clients-1.4.15-lp150.2.3 is installed
  • AND mosquitto-clients is signed with openSUSE key
  • OR
  • mosquitto-devel-1.4.15-lp150.2.3 is installed
  • AND mosquitto-devel is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • libmosquitto1-2.0.11-1.2 is installed
  • OR libmosquittopp1-2.0.11-1.2 is installed
  • OR mosquitto-2.0.11-1.2 is installed
  • OR mosquitto-clients-2.0.11-1.2 is installed
  • OR mosquitto-devel-2.0.11-1.2 is installed
    • Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 is installed
  • AND Package Information
  • libmosquitto1-1.4.15-bp150.3.3.1 is installed
  • OR libmosquittopp1-1.4.15-bp150.3.3.1 is installed
  • OR mosquitto-1.4.15-bp150.3.3.1 is installed
  • OR mosquitto-clients-1.4.15-bp150.3.3.1 is installed
  • OR mosquitto-devel-1.4.15-bp150.3.3.1 is installed
    • BACK