CVE-2018-19636

Name of the Vulnerable Software and Affected Versions: Supportutils versions prior to 3.1-5.7.1

Description: The issue is related to insufficient input validation in the implementation of the ndspath command in the Supportutils package for SUSE Linux. This can allow an attacker to gain unauthorized access to protected information. If an attacker provides a malicious ndspath binary at an arbitrary location, it can be executed with root privileges when the Supportutils is run with the command line argument -A.

Recommendations: For versions prior to 3.1-5.7.1, update to version 3.1-5.7.1 or later to resolve the issue. As a temporary workaround, consider restricting the execution of the ndspath binary to trusted locations only, and avoid using the -A command line argument until the update is applied.