Vulnerability Details CVE-2018-1000135
GNOME NetworkManager version 1.10.2 and earlier contains a Information Exposure (CWE-200) vulnerability in DNS resolver that can result in Private DNS queries leaked to local network's DNS servers, while on VPN. This vulnerability appears to have been fixed in Some Ubuntu 16.04 packages were fixed, but later updates removed the fix. cf. https://bugs.launchpad.net/ubuntu/+bug/1754671 an upstream fix does not appear to be available at this time.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.6%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00005.html
- http://www.securityfocus.com/bid/103478
- https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671
- https://bugzilla.gnome.org/show_bug.cgi?id=746422
- https://bugzilla.redhat.com/show_bug.cgi?id=1553634
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00005.html
- http://www.securityfocus.com/bid/103478
- https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671
- https://bugzilla.gnome.org/show_bug.cgi?id=746422
- https://bugzilla.redhat.com/show_bug.cgi?id=1553634
Products affected by CVE-2018-1000135
-
cpe:2.3:a:gnome:networkmanager:0.1
-
cpe:2.3:a:gnome:networkmanager:0.3.1
-
cpe:2.3:a:gnome:networkmanager:0.4
-
cpe:2.3:a:gnome:networkmanager:0.4.1
-
cpe:2.3:a:gnome:networkmanager:0.5.0
-
cpe:2.3:a:gnome:networkmanager:0.5.1
-
cpe:2.3:a:gnome:networkmanager:0.6.0
-
cpe:2.3:a:gnome:networkmanager:0.6.1
-
cpe:2.3:a:gnome:networkmanager:0.6.2
-
cpe:2.3:a:gnome:networkmanager:0.6.3
-
cpe:2.3:a:gnome:networkmanager:0.6.4
-
cpe:2.3:a:gnome:networkmanager:0.6.5
-
cpe:2.3:a:gnome:networkmanager:0.7.0
-
cpe:2.3:a:gnome:networkmanager:0.7.0.100
-
cpe:2.3:a:gnome:networkmanager:0.7.0.97
-
cpe:2.3:a:gnome:networkmanager:0.7.0.98
-
cpe:2.3:a:gnome:networkmanager:0.7.0.99
-
cpe:2.3:a:gnome:networkmanager:0.7.1
-
cpe:2.3:a:gnome:networkmanager:0.7.1.997
-
cpe:2.3:a:gnome:networkmanager:0.7.1.998
-
cpe:2.3:a:gnome:networkmanager:0.7.2
-
cpe:2.3:a:gnome:networkmanager:0.7.2.995
-
cpe:2.3:a:gnome:networkmanager:0.7.2.996
-
cpe:2.3:a:gnome:networkmanager:0.7.2.997
-
cpe:2.3:a:gnome:networkmanager:0.7.3
-
cpe:2.3:a:gnome:networkmanager:0.7.998
-
cpe:2.3:a:gnome:networkmanager:0.7.999
-
cpe:2.3:a:gnome:networkmanager:0.8
-
cpe:2.3:a:gnome:networkmanager:0.8.0
-
cpe:2.3:a:gnome:networkmanager:0.8.0.997
-
cpe:2.3:a:gnome:networkmanager:0.8.0.998
-
cpe:2.3:a:gnome:networkmanager:0.8.0.999
-
cpe:2.3:a:gnome:networkmanager:0.8.1
-
cpe:2.3:a:gnome:networkmanager:0.8.1.997
-
cpe:2.3:a:gnome:networkmanager:0.8.1.998
-
cpe:2.3:a:gnome:networkmanager:0.8.1.999
-
cpe:2.3:a:gnome:networkmanager:0.8.2
-
cpe:2.3:a:gnome:networkmanager:0.8.3.995
-
cpe:2.3:a:gnome:networkmanager:0.8.3.996
-
cpe:2.3:a:gnome:networkmanager:0.8.3.997
-
cpe:2.3:a:gnome:networkmanager:0.8.3.998
-
cpe:2.3:a:gnome:networkmanager:0.8.3.999
-
cpe:2.3:a:gnome:networkmanager:0.8.4.0
-
cpe:2.3:a:gnome:networkmanager:0.8.5.91
-
cpe:2.3:a:gnome:networkmanager:0.8.5.92
-
cpe:2.3:a:gnome:networkmanager:0.8.5.93
-
cpe:2.3:a:gnome:networkmanager:0.8.6.0
-
cpe:2.3:a:gnome:networkmanager:0.8.995
-
cpe:2.3:a:gnome:networkmanager:0.8.996
-
cpe:2.3:a:gnome:networkmanager:0.8.997
-
cpe:2.3:a:gnome:networkmanager:0.8.998
-
cpe:2.3:a:gnome:networkmanager:0.8.999
-
cpe:2.3:a:gnome:networkmanager:0.8.9997
-
cpe:2.3:a:gnome:networkmanager:0.9.0
-
cpe:2.3:a:gnome:networkmanager:0.9.1.90
-
cpe:2.3:a:gnome:networkmanager:0.9.1.95
-
cpe:2.3:a:gnome:networkmanager:0.9.10.0
-
cpe:2.3:a:gnome:networkmanager:0.9.10.1
-
cpe:2.3:a:gnome:networkmanager:0.9.10.2
-
cpe:2.3:a:gnome:networkmanager:0.9.2.0
-
cpe:2.3:a:gnome:networkmanager:0.9.3.990
-
cpe:2.3:a:gnome:networkmanager:0.9.3.995
-
cpe:2.3:a:gnome:networkmanager:0.9.3.997
-
cpe:2.3:a:gnome:networkmanager:0.9.4.0
-
cpe:2.3:a:gnome:networkmanager:0.9.5.95
-
cpe:2.3:a:gnome:networkmanager:0.9.5.96
-
cpe:2.3:a:gnome:networkmanager:0.9.6.0
-
cpe:2.3:a:gnome:networkmanager:0.9.6.4
-
cpe:2.3:a:gnome:networkmanager:0.9.7.995
-
cpe:2.3:a:gnome:networkmanager:0.9.7.997
-
cpe:2.3:a:gnome:networkmanager:0.9.8.0
-
cpe:2.3:a:gnome:networkmanager:0.9.8.10
-
cpe:2.3:a:gnome:networkmanager:0.9.8.2
-
cpe:2.3:a:gnome:networkmanager:0.9.8.4
-
cpe:2.3:a:gnome:networkmanager:0.9.8.6
-
cpe:2.3:a:gnome:networkmanager:0.9.8.8
-
cpe:2.3:a:gnome:networkmanager:0.9.8.9
-
cpe:2.3:a:gnome:networkmanager:0.9.9.95
-
cpe:2.3:a:gnome:networkmanager:0.9.9.98
-
cpe:2.3:a:gnome:networkmanager:0.995.0
-
cpe:2.3:a:gnome:networkmanager:1.1.90
-
cpe:2.3:a:gnome:networkmanager:1.1.91
-
cpe:2.3:a:gnome:networkmanager:1.1.92
-
cpe:2.3:a:gnome:networkmanager:1.1.93
-
cpe:2.3:a:gnome:networkmanager:1.1.94
-
cpe:2.3:a:gnome:networkmanager:1.10.0
-
cpe:2.3:a:gnome:networkmanager:1.10.2
-
cpe:2.3:a:gnome:networkmanager:1.2.0
-
cpe:2.3:a:gnome:networkmanager:1.2.2
-
cpe:2.3:a:gnome:networkmanager:1.2.4
-
cpe:2.3:a:gnome:networkmanager:1.2.6
-
cpe:2.3:a:gnome:networkmanager:1.3.90
-
cpe:2.3:a:gnome:networkmanager:1.3.91
-
cpe:2.3:a:gnome:networkmanager:1.4.0
-
cpe:2.3:a:gnome:networkmanager:1.4.2
-
cpe:2.3:a:gnome:networkmanager:1.4.4
-
cpe:2.3:a:gnome:networkmanager:1.4.6
-
cpe:2.3:a:gnome:networkmanager:1.5.2
-
cpe:2.3:a:gnome:networkmanager:1.5.3
-
cpe:2.3:a:gnome:networkmanager:1.5.90
-
cpe:2.3:a:gnome:networkmanager:1.5.91
-
cpe:2.3:a:gnome:networkmanager:1.6.0
-
cpe:2.3:a:gnome:networkmanager:1.6.2
-
cpe:2.3:a:gnome:networkmanager:1.6.4
-
cpe:2.3:a:gnome:networkmanager:1.7.2
-
cpe:2.3:a:gnome:networkmanager:1.7.91
-
cpe:2.3:a:gnome:networkmanager:1.7.92
-
cpe:2.3:a:gnome:networkmanager:1.8.0
-
cpe:2.3:a:gnome:networkmanager:1.8.2
-
cpe:2.3:a:gnome:networkmanager:1.8.4
-
cpe:2.3:a:gnome:networkmanager:1.8.6
-
cpe:2.3:a:gnome:networkmanager:1.8.8
-
cpe:2.3:a:gnome:networkmanager:1.9.2
-
cpe:2.3:a:gnome:networkmanager:1.9.3
-
cpe:2.3:a:gnome:networkmanager:1.9.90
-
cpe:2.3:o:canonical:ubuntu_linux:16.04