Debian Linux Security Advisory 4253-1 - Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user with privileges to modify a system connection to execute arbitrary commands as root.
acbb0dffafcd605128ce0ac32a2428118b568943b15f96ed93fde4fde09b84ea