CVE-2018-20106

by rootdaemon March 14, 2019

03/15/2019

CVE-2018-20106

In yast2-printer up to and including version 4.0.2 the SMB printer settings don’t escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.

Attack vector:
Network

Product:
opensuse: yast2-printer

References:
https://bugzilla.suse.com/show_bug.cgi?id=1114853

Severity:
High

CVSS Score:
9.3

CVSS Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Don't forget to share

Tags: CVE201820106

CVE-2018-20106

CVE-2018-20106

You may also like...

Leave a Reply Cancel reply

CVE-2018-20106

CVE-2018-20106

You may also like...

IBM finds ASX outage the result of trade platform not being ready for go-live

From Graduating College to Raising $1+ Million Dollars in 9 months

High-Severity RCE Security Bug Reported in Apache Cassandra Database Software

Leave a Reply Cancel reply

Tags