Vulnerability CVE-2018-17956


Published: 2019-03-15

Description:
In yast2-samba-provision up to and including version 1.0.1 the password for samba shares was provided on the command line to tools used by yast2-samba-provision, allowing local attackers to read them in the process list

Type:

CWE-255

(Credentials Management)

Vendor: Opensuse
Product: Yast2-samba-provision 
Version: 1.0.1;

CVSS2 => (AV:L/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.1/10
2.9/10
3.9/10
Exploit range
Attack complexity
Authentication
Local
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://bugzilla.suse.com/show_bug.cgi?id=1117597

Related CVE
CVE-2018-20106
In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking r...
CVE-2018-20534
There is an illegal address access at src/pool.h (function pool_whatprovides) in libsolv.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20533
There is a NULL pointer dereference at ext/testcase.c (function testcase_str2dep_complex) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-20532
There is a NULL pointer dereference at ext/testcase.c (function testcase_read) in libsolvext.a in libsolv through 0.7.2 that will cause a denial of service.
CVE-2018-19873
An issue was discovered in Qt before 5.11.3. QBmpHandler has a buffer overflow via BMP data.
CVE-2018-15518
QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.
CVE-2017-5934
Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2018-12479
A Improper Input Validation vulnerability in Open Build Service allows remote attackers to cause DoS by specifying crafted request IDs. Affected releases are openSUSE Open Build Service: versions prior to 01b015ca2a320afc4fae823465d1e72da8bd60df.

Copyright 2019, cxsecurity.com

 

Back to Top