CVE-2018-17957 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-17957 Interim 1 23 2022-11-26T01:35:52Z current 2021-05-30T14:17:35Z 2022-11-26T01:35:52Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-17957 The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2018-December/004991.html E-Mail link for SUSE-SU-2018:4209-1 https://lists.opensuse.org/opensuse-security-announce/2018-12/msg00068.html E-Mail link for openSUSE-SU-2018:4272-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Server Business Critical Linux 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Manager Proxy 4.0 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Manager Retail Branch Server 4.0 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Manager Server 4.0 SUSE Linux Enterprise Module for Server Applications 15 SP2 SUSE Linux Enterprise Module for Server Applications 15 SP3 SUSE Linux Enterprise Module for Server Applications 15 SP4 openSUSE Leap 15.0 openSUSE Tumbleweed yast2-rmt yast2-rmt-1.1.2-3.11.1 yast2-rmt-1.1.2-lp150.2.12.1 yast2-rmt-1.2.1-1.25 yast2-rmt-1.3.0-1.43 yast2-rmt-1.3.2-3.3.1 yast2-rmt-1.3.3-1.2 yast2-rmt-1.1.2-3.11.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 yast2-rmt-1.2.1-1.25 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP1 yast2-rmt-1.3.0-1.43 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP2 yast2-rmt-1.3.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP3 yast2-rmt-1.3.2-3.3.1 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP4 yast2-rmt-1.1.2-lp150.2.12.1 as a component of openSUSE Leap 15.0 yast2-rmt-1.3.3-1.2 as a component of openSUSE Tumbleweed yast2-rmt as a component of SUSE CaaS Platform 4.0 yast2-rmt as a component of SUSE Enterprise Storage 6 yast2-rmt as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS yast2-rmt as a component of SUSE Linux Enterprise Server 15 SP1-LTSS yast2-rmt as a component of SUSE Linux Enterprise Server Business Critical Linux 15 SP1 yast2-rmt as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 yast2-rmt as a component of SUSE Manager Proxy 4.0 yast2-rmt as a component of SUSE Manager Retail Branch Server 4.0 yast2-rmt as a component of SUSE Manager Server 4.0 The YaST2 RMT module for configuring the SUSE Repository Mirroring Tool (RMT) before 1.1.2 exposed MySQL database passwords on process commandline, allowing local attackers to access or corrupt the RMT database. CVE-2018-17957 SUSE Linux Enterprise Module for Server Applications 15:yast2-rmt-1.1.2-3.11.1 SUSE Linux Enterprise Module for Server Applications 15 SP1:yast2-rmt-1.2.1-1.25 SUSE Linux Enterprise Module for Server Applications 15 SP2:yast2-rmt-1.3.0-1.43 SUSE Linux Enterprise Module for Server Applications 15 SP3:yast2-rmt-1.3.2-3.3.1 SUSE Linux Enterprise Module for Server Applications 15 SP4:yast2-rmt-1.3.2-3.3.1 openSUSE Leap 15.0:yast2-rmt-1.1.2-lp150.2.12.1 openSUSE Tumbleweed:yast2-rmt-1.3.3-1.2 SUSE CaaS Platform 4.0:yast2-rmt SUSE Enterprise Storage 6:yast2-rmt SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:yast2-rmt SUSE Linux Enterprise Server 15 SP1-LTSS:yast2-rmt SUSE Linux Enterprise Server Business Critical Linux 15 SP1:yast2-rmt SUSE Linux Enterprise Server for SAP Applications 15 SP1:yast2-rmt SUSE Manager Proxy 4.0:yast2-rmt SUSE Manager Retail Branch Server 4.0:yast2-rmt SUSE Manager Server 4.0:yast2-rmt low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 3.4 CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N