CVE-2018-20106
6.5
CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Summary
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SUSE | yast2-printer | unspecified <= 4.0.2 | affected |
Weaknesses
- CWE-78: CWE-78
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.