Missing escaping of ESSID values in sysconfig of SUSE Linux Enterprise allows attackers controlling an access point to execute arbitrary code. Affected releases are sysconfig prior to 0.83.7-2.1.
SUSE sysconfig contains a flaw related to the ifup-services script. The issue is due to certain shell meta-characters not being stripped or escaped when connecting to a WiFi access point. With a specially crafted SSID, a remote attacker can potentially execute arbitrary shell commands.
Currently, there are no known workarounds or upgrades to correct this issue. However, SUSE has released a patch to address this vulnerability. Check the vendor changelog in the references section.
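The class of bug described above, shown as an added example that is not taken from sysconfig or the ifup-services script. It assumes, for illustration only, that the ESSID ends up in a file a shell later sources, and compares an unescaped write with an escaped one. All function names and the sample ESSID are constructed.

```shell
#!/bin/sh
# Added illustration; not code from sysconfig or ifup-services.
# Function names and the sample ESSID are constructed for this example.

# UNSAFE: the value lands inside double quotes in a file that is later
# sourced, so $( ), backticks and $VAR inside the ESSID are evaluated.
write_unsafe() {  # $1 = file, $2 = ESSID
    printf 'ESSID="%s"\n' "$2" > "$1"
}

# Quote a value as one literal shell word: wrap it in single quotes and turn
# every embedded ' into '\''. The trailing "x" sentinel keeps trailing
# newlines from being stripped by command substitution.
quote_for_shell() {
    q=$(printf '%sx' "$1" | sed "s/'/'\\\\''/g")
    printf "'%s'" "${q%x}"
}

# SAFE: same file format, but the value is escaped before it is written.
write_safe() {  # $1 = file, $2 = ESSID
    printf 'ESSID=%s\n' "$(quote_for_shell "$2")" > "$1"
}

# Source the file in a subshell and report the ESSID a consumer would see.
read_back() {  # $1 = file
    ( . "$1"; printf '%s' "$ESSID" )
}

# Constructed sample: harmless metacharacters standing in for a hostile ESSID.
SAMPLE_ESSID='cafe'\''s $(echo INJECTED) `echo X`'

demo() {
    tmp=$(mktemp) || return 1
    write_unsafe "$tmp" "$SAMPLE_ESSID"
    printf 'unsafe: %s\n' "$(read_back "$tmp")"   # substitutions were evaluated
    write_safe "$tmp" "$SAMPLE_ESSID"
    printf 'safe:   %s\n' "$(read_back "$tmp")"   # value survives byte for byte
    rm -f "$tmp"
}
demo
```

The same round-trip check (write, source, compare with the input) works as a regression test for any script that persists network-supplied strings into shell-readable configuration.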