CVE-2018-20106


03/15/2019

CVE-2018-20106

In yast2-printer up to and including version 4.0.2 the SMB printer settings don’t escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.

Attack vector: 
Network

Product: 
opensuse: yast2-printer

References: 
https://bugzilla.suse.com/show_bug.cgi?id=1114853

Severity: 
High

CVSS Score: 
9.3

CVSS Vector: 
(AV:N/AC:M/Au:N/C:C/I:C/A:C)



Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *