58 matches found
EUVD-2011-2643
Malware in sbrugna...
SUSE-SU-2020:1264-1 Security update for openconnect
This update for openconnect fixes the following issue: Security issue fixed: - CVE-2020-12105: Fixed the improper handling of negative return values from X509check function calls that might have allowed MITM attacks bsc1170452. Non-security issue fixed: - This is a rebuild to have a higher versio...
Fedora 28 : 1:NetworkManager-vpnc (2018-eb5ea0abaf)
Update to 1.2.6 to fix a local authenticated privilege escalation bug CVE-2018-10900. The issue has been discovered and responsibly disclosed by Denis Andzakovic: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc Note that Tenable Network Security has extracted the preceding description bloc...
Network Manager VPNC Username Privilege Escalation
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Network Manager VPNC Username Privilege Escalation', 'Description' = %q This module exploits an injection vulnerability in the Network Manager VP...
Network Manager VPNC Username Privilege Escalation
This Metasploit module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. This Metasploit module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a Password helper configuration directive into th...
Network Manager VPNC 1.2.6 - 'Username' Local Privilege Escalation (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Network Manager VPNC Username Privilege Escalation', 'Description' = %q This module exploits an injection vulnerability in the Network Manager VP...
GLSA-201808-03 : NetworkManager VPNC plugin: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201808-03 NetworkManager VPNC plugin: Privilege escalation When initiating a VPNC connection, NetworkManager spawns a new vpnc process and passes the configuration via STDIN. By injecting a special character into a configuration...
NetworkManager VPNC plugin: Privilege escalation
Background NetworkManager is an universal network configuration daemon for laptops, desktops, servers and virtualization hosts. The VPNC plugin provides easy access Cisco Concentrator based VPN’s utilizing NetworkManager. Description When initiating a VPNC connection, NetworkManager spawns a new...
Network Manager VPNC Username Privilege Escalation
This module exploits an injection vulnerability in the Network Manager VPNC plugin to gain root privileges. This module uses a new line injection vulnerability in the configured username for a VPN network connection to inject a Password helper configuration directive into the connection...
openSUSE Security Update : NetworkManager-vpnc (openSUSE-2018-859)
This update for NetworkManager-vpnc fixes the following issues : Security issue fixed : - CVE-2018-10900: Check configurations that contain newline characters and invalidate them to avoid security attacks bsc1101147. This update was imported from the SUSE:SLE-12-SP2:Update update project...
openSUSE: Security Advisory for Recommended (openSUSE-SU-2018:2307-1)
The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Recommended update for NetworkManager-vpnc (moderate)
This update for NetworkManager-vpnc fixes the following issues: Security issue fixed: - CVE-2018-10900: Check configurations that contain newline characters and invalidate them to avoid security attacks bsc1101147. This update was imported from the SUSE:SLE-12-SP2:Update update project...
SUSE SLED12 Security Update : Recommended update for NetworkManager-vpnc (SUSE-SU-2018:2297-1)
This update for NetworkManager-vpnc fixes the following issues: Security issue fixed : - CVE-2018-10900: Check configurations that contain newline characters and invalidate them to avoid security attacks bsc1101147. Note that Tenable Network Security has extracted the preceding description block...
SUSE-SU-2018:2297-1 Recommended update for NetworkManager-vpnc
This update for NetworkManager-vpnc fixes the following issues: Security issue fixed: - CVE-2018-10900: Check configurations that contain newline characters and invalidate them to avoid security attacks bsc1101147...
Debian DLA-1454-1 : network-manager-vpnc security update
Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user wit...
[SECURITY] [DLA 1454-1] network-manager-vpnc security update
Package : network-manager-vpnc Version : 0.9.10.0-1+deb8u1 CVE ID : CVE-2018-10900 Debian Bug : 904255 Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to...
DLA-1454-1 network-manager-vpnc - security update
Bulletin has no description...
Debian: Security Advisory (DLA-1454-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 27 : 1:NetworkManager-vpnc (2018-ac02463f82)
Update to 1.2.6 to fix a local authenticated privilege escalation bug CVE-2018-10900. The issue has been discovered and responsibly disclosed by Denis Andzakovic: https://pulsesecurity.co.nz/advisories/NM-VPNC-Privesc Note that Tenable Network Security has extracted the preceding description bloc...
CVE-2018-10900
Network Manager VPNC plugin aka networkmanager-vpnc before version 1.2.6 is vulnerable to a privilege escalation attack. A new line character can be used to inject a Password helper parameter into the configuration data passed to VPNC, allowing an attacker to execute arbitrary commands as root...