This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. This Metasploit module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. The specified helper is executed by Network Manager as root when the connection is started. Network Manager VPNC versions prior to 1.2.6 are vulnerable. This Metasploit module has been tested successfully with VPNC versions: 1.2.4-4 on Debian 9.0.0 (x64); and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64).
07e3f24f0ba44622e12961448bb4ae2cacb1f01c983cf368bc94c3c2107fbe4aGentoo Linux Security Advisory 201808-3 - A vulnerability in NetworkManager VPNC plugin allows local users to escalate privileges. Versions prior to 1.2.6 are affected.
ea39bd7ae9286e0e11774c56434c9196e05bdb6bd75bf8dd60c8aa8ad97af467Red Hat Security Advisory 2018-2391-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a speculative execution vulnerability.
e0918e305e3fc1408bdb123ee18582a548b098d88b875af92d2b93fa76e4f780Red Hat Security Advisory 2018-2393-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a speculative execution vulnerability.
eb26a0479759b3cd568f0f586550ccb96de56c27d15cb93637e68ea3bde94befRed Hat Security Advisory 2018-2394-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a bypass vulnerability.
96350d9f9d8697afd9a480724105b5aef15a51d0552d68e86492a160c232117aRed Hat Security Advisory 2018-2392-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include a speculative execution vulnerability.
044fae32edc1ef7d67944bde621ecbeb436954abee5f536e51168d50339e888aRed Hat Security Advisory 2018-2390-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Issues addressed include bypass, denial of service, and use-after-free vulnerabilities.
15eaed3e014c6abcd7ef4aea5c724475e760f7f6f793ec69de76aed893e74d80Debian Linux Security Advisory 4257-1 - Jann Horn discovered that FUSE, a Filesystem in USErspace, allows the bypass of the 'user_allow_other' restriction when SELinux is active (including in permissive mode). A local user can take advantage of this flaw in the fusermount utility to bypass the system configuration and mount a FUSE filesystem with the 'allow_other' mount option.
6ae379afa1bdb3daca80e53b902623ac0af07b819114316f385107c5a5c45863It is possible to bypass fusermount's restrictions on the use of the "allow_other" mount option as follows if SELinux is active.
f8811f70025a2c7cb736546cf68f180165bf220f896460ba119cccb6e37d586cNetwork Manager VPNC version 1.2.4 suffers from a privilege escalation vulnerability.
07086aef8c32f905b63b3ac0bd56d5717e5df977d219eaf6d7809892f46da39fDebian Linux Security Advisory 4253-1 - Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user with privileges to modify a system connection to execute arbitrary commands as root.
acbb0dffafcd605128ce0ac32a2428118b568943b15f96ed93fde4fde09b84eaUbuntu Security Notice 3720-1 - It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information.
d8b44664302f10984ac85d8e97b0556cc9e634645ffdba8f2bb2f87b340bb898
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed