CVE-2018-20106
SMB printer settings don't escape characters in passwords properly
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Productos afectados
SUSE · yast2-printer¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →