CVE-2018-10900 log
Source |
|
Severity | High |
Remote | No |
Type | Privilege escalation |
Description | When initiating a VPNC connection, Network Manager spawns a new vpnc process and passes the configuration via STDIN. By injecting a \n character into a configuration parameter, an attacker can coerce Network Manager to set the Password helper option to an attacker controlled executable file. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-739 | networkmanager-vpnc | 1.2.4-3 | 1.2.6-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
20 Jul 2018 | ASA-201807-13 | AVG-739 | networkmanager-vpnc | High | privilege escalation |