Published: 26/07/2018 Updated: 04/12/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 725

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Network Manager VPNC plugin (aka networkmanager-vpnc) before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an malicious user to execute arbitrary commands as root.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnome network manager vpnc
debian debian linux 8.0
debian debian linux 9.0

Debian Bug report logs - #904255 network-manager-vpnc: CVE-2018-10900: privilege escalation Package: src:network-manager-vpnc; Maintainer for src:network-manager-vpnc is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sun, 22 Jul 201 ...

When initiating a VPNC connection, Network Manager spawns a new vpnc process and passes the configuration via STDIN By injecting a \n character into a configuration parameter, an attacker can coerce Network Manager to set the Password helper option to an attacker controlled executable file ...

## # This module requires Metasploit: metasploitcom/download # Current source: githubcom/rapid7/metasploit-framework ## class MetasploitModule < Msf::Exploit::Local Rank = ExcellentRanking include Msf::Post::File include Msf::Post::Linux::Priv include Msf::Post::Linux::System include Msf::Exploit::EXE include Msf: ...

Network Manager VPNC version 124 suffers from a privilege escalation vulnerability ...

This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges This Metasploit module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a `Password helper` configuration directive into the connection configuration The specified helper is ...

Full Disclosure mailing list archives   By Date By Thread </form>    Network Manager VPNC - Privilege Escalation (CVE-2018-10900)   Fr ...

CWE-78 https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc https://gitlab.gnome.org/GNOME/NetworkManager-vpnc/commit/07ac18a32b4 https://download.gnome.org/sources/NetworkManager-vpnc/1.2/NetworkManager-vpnc-1.2.6.news https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10900 https://bugzilla.novell.com/show_bug.cgi?id=1101147 https://www.debian.org/security/2018/dsa-4253 https://lists.debian.org/debian-lts-announce/2018/07/msg00048.html https://www.exploit-db.com/exploits/45313/https://security.gentoo.org/glsa/201808-03 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904255 https://nvd.nist.gov https://www.exploit-db.com/exploits/45313/https://security.archlinux.org/CVE-2018-10900

CVE-2018-10900

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

Mailing Lists

References

Vulmon Search

About

Products

Connect