Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-1943

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2011-1943
Last Modified 06 Sep 2011 11:16:48
Published 14 Jun 2011 01:55:05
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2011-1943

Summary

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Systems

Operating System

  • Redhat Fedora 15

Application

  • Fedoraproject Libnm-util 0.8.999-3.git20110526

  • Fedoraproject Networkmanager


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=708876

CONFIRM - http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6

XF - networkmanager-secret-info-disclosure(68057)

MLIST - [oss-security] 20110531 Re: CVE request: NetworkManager-openvpn logs cert password

MLIST - [oss-security] 20110531 CVE request: NetworkManager-openvpn logs cert password

FEDORA - FEDORA-2011-7919


Last Updated: 27 May 2016 10:56:52