CVE-2018-20106

by rootdaemon March 14, 2019

03/15/2019

CVE-2018-20106

In yast2-printer up to and including version 4.0.2 the SMB printer settings don’t escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.

Attack vector:
Network

Product:
opensuse: yast2-printer

References:
https://bugzilla.suse.com/show_bug.cgi?id=1114853

Severity:
High

CVSS Score:
9.3

CVSS Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Don't forget to share

Tags: CVE201820106

CVE-2018-20106

CVE-2018-20106

You may also like...

Leave a Reply Cancel reply

CVE-2018-20106

CVE-2018-20106

You may also like...

Rachel Noble to become director-general of the Australian Signals Directorate

Microsoft June 2020 Patch Tuesday fixes 129 vulnerabilities

Bing recommends piracy tutorial when searching for Office 2019

Leave a Reply Cancel reply

Tags