CVE-2018-17957: yast2-rmt leaks database passwords in process list
First published: Sun Dec 23 2018(Updated: )
The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Repository Mirroring Tool | <1.1.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-17957?
CVE-2018-17957 has been classified as a medium severity vulnerability due to its potential impact on local system security.
How do I fix CVE-2018-17957?
To mitigate CVE-2018-17957, upgrade the SUSE Repository Mirroring Tool (RMT) to version 1.1.2 or later.
Who is affected by CVE-2018-17957?
Users of SUSE Repository Mirroring Tool versions prior to 1.1.2 are affected by CVE-2018-17957.
What exploit does CVE-2018-17957 enable?
CVE-2018-17957 allows local attackers to access or corrupt the RMT database by exposing MySQL database passwords.
What components are involved in CVE-2018-17957?
CVE-2018-17957 involves the YaST2 RMT module and the MySQL database used by the SUSE Repository Mirroring Tool.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/references
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/author
- agent/remedy
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- agent/source
- vendor/suse
- canonical/suse repository mirroring tool