what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2018-10900

Status Candidate

Overview

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root.

Related Files

Network Manager VPNC Username Privilege Escalation
Posted Aug 31, 2018
Authored by Brendan Coles, Denis Andzakovic | Site metasploit.com

This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. This Metasploit module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration. The specified helper is executed by Network Manager as root when the connection is started. Network Manager VPNC versions prior to 1.2.6 are vulnerable. This Metasploit module has been tested successfully with VPNC versions: 1.2.4-4 on Debian 9.0.0 (x64); and 1.1.93-1 on Ubuntu Linux 16.04.4 (x64).

tags | exploit, root
systems | linux, debian, ubuntu
advisories | CVE-2018-10900
SHA-256 | 07e3f24f0ba44622e12961448bb4ae2cacb1f01c983cf368bc94c3c2107fbe4a
Gentoo Linux Security Advisory 201808-03
Posted Aug 22, 2018
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201808-3 - A vulnerability in NetworkManager VPNC plugin allows local users to escalate privileges. Versions prior to 1.2.6 are affected.

tags | advisory, local
systems | linux, gentoo
advisories | CVE-2018-10900
SHA-256 | ea39bd7ae9286e0e11774c56434c9196e05bdb6bd75bf8dd60c8aa8ad97af467
Network Manager VPNC 1.2.4 Privilege Escalation
Posted Jul 23, 2018
Authored by Denis Andzakovic

Network Manager VPNC version 1.2.4 suffers from a privilege escalation vulnerability.

tags | exploit
advisories | CVE-2018-10900
SHA-256 | 07086aef8c32f905b63b3ac0bd56d5717e5df977d219eaf6d7809892f46da39f
Debian Security Advisory 4253-1
Posted Jul 23, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4253-1 - Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user with privileges to modify a system connection to execute arbitrary commands as root.

tags | advisory, arbitrary, local, root
systems | linux, debian
advisories | CVE-2018-10900
SHA-256 | acbb0dffafcd605128ce0ac32a2428118b568943b15f96ed93fde4fde09b84ea
Page 1 of 1
Back1Next

File Archive:

October 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    39 Files
  • 2
    Oct 2nd
    23 Files
  • 3
    Oct 3rd
    18 Files
  • 4
    Oct 4th
    20 Files
  • 5
    Oct 5th
    0 Files
  • 6
    Oct 6th
    0 Files
  • 7
    Oct 7th
    17 Files
  • 8
    Oct 8th
    66 Files
  • 9
    Oct 9th
    25 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    21 Files
  • 12
    Oct 12th
    0 Files
  • 13
    Oct 13th
    0 Files
  • 14
    Oct 14th
    14 Files
  • 15
    Oct 15th
    0 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close