CVE-2018-20106
03/15/2019
CVE-2018-20106
In yast2-printer up to and including version 4.0.2 the SMB printer settings don’t escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.
Attack vector:
Network
Product:
opensuse: yast2-printer
References:
https://bugzilla.suse.com/show_bug.cgi?id=1114853
Severity:
High
CVSS Score:
9.3
CVSS Vector:
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Don't forget to share