Bug 1086263 (CVE-2018-1000135) - VUL-1: CVE-2018-1000135: NetworkManager: Full-tunnel VPN misconfigures DNS servers, leaks private information
Summary: VUL-1: CVE-2018-1000135: NetworkManager: Full-tunnel VPN misconfigures DNS se...
Status: RESOLVED FIXED
Alias: CVE-2018-1000135
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P4 - Low : Minor
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/202265/
Whiteboard: CVSSv3:SUSE:CVE-2018-1000135:5.3:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2018-03-21 14:50 UTC by Karol Babioch
Modified: 2024-05-09 11:06 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Karol Babioch 2018-03-21 14:50:54 UTC 
rh#1553634

GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure
(CWE-200) vulnerability in DNS resolver that can result in Private DNS queries
leaked to local network's DNS servers, while on VPN. This vulnerability appears
to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates
removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream
fix does not appear to be available at this time.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1558238
https://bugzilla.redhat.com/show_bug.cgi?id=1553634
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000135
http://people.canonical.com/~ubuntu-security/cve/2018/CVE-2018-1000135.html
https://bugzilla.gnome.org/show_bug.cgi?id=746422
https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671
Comment 2 Jonathan Kang 2019-04-26 06:58:04 UTC 
Fix has been backported[1] to SUSE:SLE-15:Update/NetworkManager. We ship 1.0.12
in SLE 12, which is many versions behind 1.10, and I don't think there is a way
of backporting it to 1.0.x.

*[1] https://build.suse.de/request/show/191389
Comment 3 Swamp Workflow Management 2019-05-28 19:11:15 UTC 
SUSE-SU-2019:1369-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1086263
CVE References: CVE-2018-1000135
Sources used:
SUSE Linux Enterprise Workstation Extension 15 (src):    NetworkManager-1.10.6-5.6.1
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 (src):    NetworkManager-1.10.6-5.6.1
SUSE Linux Enterprise Module for Desktop Applications 15 (src):    NetworkManager-1.10.6-5.6.1
SUSE Linux Enterprise Module for Basesystem 15 (src):    NetworkManager-1.10.6-5.6.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 4 Swamp Workflow Management 2019-06-03 10:17:45 UTC 
openSUSE-SU-2019:1494-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1086263
CVE References: CVE-2018-1000135
Sources used:
openSUSE Leap 15.0 (src):    NetworkManager-1.10.6-lp150.4.6.1