In yast2-printer up to and including version 4.0.2 the SMB printer settings don't escape characters in passwords properly. If a password with backticks or simliar characters is supplied this allows for executing code as root. This requires tricking root to enter such a password in yast.
References
Link | Resource |
---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1114853 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: microfocus
Published: 2018-11-06T00:00:00
Updated: 2021-01-06T16:15:50
Reserved: 2018-12-12T00:00:00
Link: CVE-2018-20106
JSON object: View
NVD Information
Status : Modified
Published: 2019-03-15T20:29:00.730
Modified: 2023-11-07T02:56:12.403
Link: CVE-2018-20106
JSON object: View
Redhat Information
No data.