In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1114853 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: microfocus
Published: 2019-03-15T20:00:00Z
Updated: 2024-09-16T17:23:19.129Z
Reserved: 2018-12-12T00:00:00
Link: CVE-2018-20106
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-03-15T20:29:00.730
Modified: 2023-11-07T02:56:12.403
Link: CVE-2018-20106
Redhat
No data.