Login
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in network-manager-vpnc
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in network-manager-vpnc
ID: DSA-4253-1
Distribution: Debian
Plattformen: Debian stretch
Datum: Di, 24. Juli 2018, 07:21
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10900
Applikationen: network-manager-vpnc

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4253-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
July 23, 2018 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : network-manager-vpnc
CVE ID : CVE-2018-10900
Debian Bug : 904255

Denis Andzakovic discovered that network-manager-vpnc, a plugin to
provide VPNC support for NetworkManager, is prone to a privilege
escalation vulnerability. A newline character can be used to inject a
Password helper parameter into the configuration data passed to vpnc,
allowing a local user with privileges to modify a system connection to
execute arbitrary commands as root.

For the stable distribution (stretch), this problem has been fixed in
version 1.2.4-4+deb9u1.

We recommend that you upgrade your network-manager-vpnc packages.

For the detailed security status of network-manager-vpnc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/network-manager-vpnc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAltWQhJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SKCw//VcNh7gs/gMCYvTOr3+nN0GCSpvDEif63vC9quWGN2KvBclc927tpajgV
eAbYAW+Wr7mm/IV7g0nLR5WK51qnJ6QAevJmkYKWzAQpDnDM85UkNvcYkgbZ7Btp
BMw+1e7EQv/C94nKw9KARZjco8/bo6L5A2AF59HLYAK5BjRblCWyc5dqDSj4gylE
EQUdkODJPuH7s35LUqRhsTvUiQRPaOjZ0oDIkhC44GkWPnwy5yljmRPq54mqhMYU
+NrDQjKwW1eMBNrF8/BrQq0CHP8sxftlvcgMoJzwK0YX8mS3nfhtnQRbMeBWSkId
FYkHFOCdExyZDJ145NQPeVFmHj1qHElcr2swqQg1QmH4twkDhGU90zJBNwOzPTn4
7XQYeH4o29TSNMYC5b/3OpVdrq6BlVMJjTVz92yfaMO2h0ypTqyoBYQ72kZLS9kG
PkKCL1WQWSdVJ4VNqufUiBrJNVREiSeOs00f3uBYgWYocX40b679pm8YbaQj/mUZ
NIVlPJvlrhA7UkJv5VDOZyc6DPbVnLZGB8X14+L86D98JKtfbE/RnW+m2FUkwKEW
462OYIdudV0fDDneDD2e87p8DDdTIMwgO1Smgj8062RMhiv/L6FL/5XUxr1DMS6U
AQLfdnpEf3Am6cL6FTIsj53SAmh1L9B3EHEkAPH7AxX/pogBlGU=
=VkVy
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung