Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2018-1000135

Published: 20/03/2018 Updated: 03/06/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Gnome

Vulnerability Summary

GNOME NetworkManager version 1.10.2 and previous versions contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnome networkmanager

canonical ubuntu linux 16.04

Vendor Advisories

Debian CVElist Bug Report Logs: network-manager: CVE-2018-1000135: Full-tunnel VPN misconfigures DNS servers, leaks private information
Debian Bug report logs - #895658 network-manager: CVE-2018-1000135: Full-tunnel VPN misconfigures DNS servers, leaks private information Package: src:network-manager; Maintainer for src:network-manager is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@deb ...
Red Hat: CVE-2018-1000135
An information exposure vulnerability has been found in NetworkManager when dnsmasq is used in DNS processing mode An attacker in control of a DNS server could receive DNS queries even though a Virtual Private Network (VPN) was configured on the vulnerable machine ...
Arch Linux Issues:
GNOME NetworkManager version 1102 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN ...

References

CWE-200https://bugzilla.redhat.com/show_bug.cgi?id=1553634https://bugzilla.gnome.org/show_bug.cgi?id=746422https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671http://www.securityfocus.com/bid/103478http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00005.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=895658https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2018-1000135
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
encryptionCVE-2024-4331CVE-2024-26925arbitrary codeCVE-2006-4304CVE-2024-25458CVE-2024-27077reflected XSSCVE-2024-4059
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook