CVE-2018-1000135

Severity Score

7.5

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.

GNOME NetworkManager, en versiones 1.10.2 y anteriores, contiene una vulnerabilidad de exposición de información (CWE-200) en la resolución DNS que puede resultar en el filtrado de consultas DNS privadas en los servidores DNS de las redes locales mientras se está en una VPN. Aparentemente, esta vulnerabilidad ha sido solucionada en algunos paquetes de Ubuntu 16.04, pero las posteriores actualizaciones eliminaron esta solución. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 no parece que exista actualmente una solución ascendente.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2018-03-20 CVE Reserved
2018-03-20 CVE Published
2023-09-20 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CAPEC

References (5)

URL	Tag	Source
http://www.securityfocus.com/bid/103478	Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671	Issue Tracking
https://bugzilla.gnome.org/show_bug.cgi?id=746422	Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1553634	Issue Tracking

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00005.html	2019-06-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnome Search vendor "Gnome"		Networkmanager Search vendor "Gnome" for product "Networkmanager"				<= 1.10.2 Search vendor "Gnome" for product "Networkmanager" and version " <= 1.10.2"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		-		Affected