Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.9
CVE Id CVE-2011-3364
Last Modified 18 Jan 2012 10:59:28
Published 04 Nov 2011 05:55:03
Confidentiality Impact COMPLETE
Integrity Impact COMPLETE
Availability Impact COMPLETE
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3364

Summary

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

Vulnerable Systems

Application

  • Gnome Ifcfg-rh Plug-in


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=737338

MISC - http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation/

REDHAT - RHSA-2011:1338

FEDORA - FEDORA-2011-13425

MANDRIVA - MDVSA-2011:171


Last Updated: 27 May 2016 10:57:22