CVE-2018-10900 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	No
Type	Privilege escalation
Description	When initiating a VPNC connection, Network Manager spawns a new vpnc process and passes the configuration via STDIN. By injecting a \n character into a configuration parameter, an attacker can coerce Network Manager to set the Password helper option to an attacker controlled executable file.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-739	networkmanager-vpnc	1.2.4-3	1.2.6-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
20 Jul 2018	ASA-201807-13	AVG-739	networkmanager-vpnc	High	privilege escalation

References
https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4 https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news https://marc.info/?l=oss-security&m=153207963021874

References

https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4
https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news
https://marc.info/?l=oss-security&m=153207963021874