This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. This Metasploit module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. The specified helper is executed by Network Manager as root when the connection is started. Network Manager VPNC versions prior to 1.2.6 are vulnerable. This Metasploit module has been tested successfully with VPNC versions: 1.2.4-4 on Debian 9.0.0 (x64); and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64).
07e3f24f0ba44622e12961448bb4ae2cacb1f01c983cf368bc94c3c2107fbe4aGentoo Linux Security Advisory 201808-3 - A vulnerability in NetworkManager VPNC plugin allows local users to escalate privileges. Versions prior to 1.2.6 are affected.
ea39bd7ae9286e0e11774c56434c9196e05bdb6bd75bf8dd60c8aa8ad97af467Network Manager VPNC version 1.2.4 suffers from a privilege escalation vulnerability.
07086aef8c32f905b63b3ac0bd56d5717e5df977d219eaf6d7809892f46da39fDebian Linux Security Advisory 4253-1 - Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user with privileges to modify a system connection to execute arbitrary commands as root.
acbb0dffafcd605128ce0ac32a2428118b568943b15f96ed93fde4fde09b84ea
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed