CVE-2018-10900 – Network Manager VPNC 1.2.6 - 'Username' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2018-10900
Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A newline character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.

Network Manager VPNC version 1.2.4 suffers from a privilege escalation vulnerability.

• https://www.exploit-db.com/exploits/45313
• https://bugzilla.novell.com/show_bug.cgi?id=1101147
• https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10900
• https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news
• https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4
• https://lists.debian.org/debian-lts-announce/2018/07/msg00048.html
• https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc
• https://security.gentoo.org/glsa/201808-03
• https:

• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
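The weakness class described above, shown as an added example (not code from NetworkManager-vpnc or from the advisory): a writer for a line-oriented "key value" configuration next to a variant that refuses values containing a line break. The function names, the "Xauth username" key used as the sample directive, and the sample value are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* A value is safe only if it cannot terminate the current directive line. */
static int value_is_single_line(const char *value)
{
    return value != NULL && strpbrk(value, "\r\n") == NULL;
}

/* Unchecked writer: appends "key value\n" verbatim (the weak pattern). */
static int append_unchecked(char *cfg, size_t cap, const char *key, const char *value)
{
    size_t used = strlen(cfg);
    int n = snprintf(cfg + used, cap - used, "%s %s\n", key, value);
    if (n < 0 || (size_t)n >= cap - used) {
        cfg[used] = '\0';           /* drop the partial line on truncation */
        return -1;
    }
    return 0;
}

/* Checked writer: rejects the value before anything reaches the buffer. */
static int append_checked(char *cfg, size_t cap, const char *key, const char *value)
{
    if (!value_is_single_line(value))
        return -1;
    return append_unchecked(cfg, cap, key, value);
}

/* Number of directive lines a line-oriented parser would see. */
static int count_directives(const char *cfg)
{
    int lines = 0;
    for (const char *p = cfg; *p; p++)
        if (*p == '\n')
            lines++;
    return lines;
}

int main(void)
{
    /* Constructed input: a single field carrying an embedded newline. */
    const char *username = "alice\nPassword helper /constructed/placeholder";
    char weak[256] = "", hardened[256] = "";

    append_unchecked(weak, sizeof weak, "Xauth username", username);
    printf("unchecked: %d directive(s) from one field\n", count_directives(weak));
    if (append_checked(hardened, sizeof hardened, "Xauth username", username) != 0)
        printf("checked: rejected, %d directive(s)\n", count_directives(hardened));
    return 0;
}
```

Rejecting the value outright, rather than stripping the line break and continuing, keeps a tampered field from silently turning into a different but still accepted setting.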