DSA-4253-1 network-manager-vpnc -- network-manager-vpncID: oval:org.secpod.oval:def:603463 | Date: (C)2018-07-24 (M)2023-04-27 |
Class: PATCH | Family: unix |
Denis Andzakovic discovered that network-manager-vpnc, a plugin to provide VPNC support for NetworkManager, is prone to a privilege escalation vulnerability. A newline character can be used to inject a Password helper parameter into the configuration data passed to vpnc, allowing a local user with privileges to modify a system connection to execute arbitrary commands as root.
Product: |
network-manager-vpnc |