Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0365

Overview

Vulnerability Score 4.6 4.6
CVE Id CVE-2009-0365
Last Modified 21 Aug 2010 01:30:12
Published 04 Mar 2009 09:30:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0365

Summary

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

Vulnerable Systems

Operating System

  • Ubuntu Linux 6.06

  • Ubuntu Linux 7.10

  • Ubuntu Linux 8.04

  • Ubuntu Linux 8.10


References

BID - 33966

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=487752

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=487722

XF - networkmanager-dbus-info-disclosure(49062)

UBUNTU - USN-727-2

UBUNTU - USN-727-1

SECTRACK - 1021908

REDHAT - RHSA-2009:0362

REDHAT - RHSA-2009:0361

DEBIAN - DSA-1955

CONFIRM - http://svn.gnome.org/viewvc/network-manager-applet?view=revision&revision=1207

CONFIRM - http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&r2=1207&pathrev=1207

SECTRACK - 1021911

SECTRACK - 1021910

SECUNIA - 34473

SECUNIA - 34177

SECUNIA - 34067

SUSE - SUSE-SR:2009:009

SUSE - SUSE-SA:2009:013

Related Patches

Novell SUSE 2009:6026 NetworkManager-kde security update for SLE 10 SP2 i586

Novell SUSE 2009:6027 NetworkManager security update for SLE 10 SP2 i586

Novell SUSE 2009:6028 NetworkManager-gnome security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:50:13