DSA-1955-1 network-manager/network-manager-applet -- information disclosure

Related Vulnerabilities: CVE-2009-0365  

It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information. If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf file, then please make sure that you merge the changes from this fix when asked during upgrade. For the oldstable distribution (etch), this problem has been fixed in version 0.6.4-6+etch1 of network-manager. For the stable distribution (lenny), this problem has been fixed in version 0.6.6-4+lenny1 of network-manager-applet. For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.7.0.99-1 of network-manager-applet. We recommend that you upgrade your network-manager and network-manager-applet packages accordingly.

Debian Security Advisory

Date Reported: 16 Dec 2009
Affected Packages: network-manager/network-manager-applet
Vulnerable: Yes
Security database references:
In the Debian bugtracking system: Bug 519801.
In Mitre's CVE dictionary: CVE-2009-0365.
More information:

It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information.

If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf file, then please make sure that you merge the changes from this fix when asked during upgrade.
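When merging a locally modified policy file, it helps to check whether a default-context allow rule is left without any restriction after it. The following Python audit is an added example, not part of the advisory and not the contents of nm-applet.conf; the service name `org.example.Settings` and its interface are hypothetical, and the advisory does not state which rules the fix adds.

```python
import xml.etree.ElementTree as ET

# Constructed policies for illustration only; "org.example.Settings" and
# its interface are hypothetical, not taken from nm-applet.conf.
WEAK = """<busconfig>
  <policy user="root">
    <allow own="org.example.Settings"/>
  </policy>
  <policy context="default">
    <allow send_destination="org.example.Settings"/>
  </policy>
</busconfig>"""

HARDENED = """<busconfig>
  <policy user="root">
    <allow own="org.example.Settings"/>
  </policy>
  <policy context="default">
    <allow send_destination="org.example.Settings"/>
    <deny send_destination="org.example.Settings"
          send_interface="org.example.Settings.Secrets"/>
  </policy>
</busconfig>"""

# Attributes that scope a send rule to part of a service.
NARROWING = ("send_interface", "send_member", "send_path")

def audit(xml_text):
    """Return destinations every local user may message with no restriction."""
    root = ET.fromstring(xml_text)
    # Flatten all default-context blocks: these rules apply to every user.
    rules = [r for p in root.iter("policy")
             if p.get("context") == "default" for r in p]
    findings = []
    for i, rule in enumerate(rules):
        dest = rule.get("send_destination")
        if rule.tag != "allow" or dest is None:
            continue
        if any(rule.get(a) for a in NARROWING):
            continue  # the allow itself is already scoped
        # Later rules override earlier ones, so only a deny that follows
        # the broad allow actually restricts it.
        if not any(r.tag == "deny" and r.get("send_destination") == dest
                   and any(r.get(a) for a in NARROWING)
                   for r in rules[i + 1:]):
            findings.append(dest)
    return findings
```

To audit an installed file, pass its text to `audit()`; an empty list means every broad default-context allow is followed by at least one scoped deny.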

For the oldstable distribution (etch), this problem has been fixed in version 0.6.4-6+etch4 of network-manager.

For the stable distribution (lenny), this problem has been fixed in version 0.6.6-4+lenny1 of network-manager-applet.

For the testing distribution (squeeze) and the unstable distribution (sid), this problem has been fixed in version 0.7.0.99-1 of network-manager-applet.

We recommend that you upgrade your network-manager and network-manager-applet packages accordingly.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4.dsc
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4.diff.gz
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch4_alpha.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch4_alpha.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4_alpha.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch4_alpha.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch4_alpha.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch4_alpha.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch4_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch4_amd64.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch4_amd64.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch4_amd64.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch4_amd64.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4_amd64.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch4_amd64.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch4_amd64.deb
HP Precision:
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch4_hppa.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch4_hppa.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch4_hppa.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch4_hppa.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch4_hppa.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4_hppa.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch4_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch4_i386.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch4_i386.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch4_i386.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4_i386.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch4_i386.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch4_i386.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch4_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4_ia64.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch4_ia64.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch4_ia64.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch4_ia64.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch4_ia64.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch4_ia64.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch4_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch4_mips.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch4_mips.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4_mips.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch4_mips.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch4_mips.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch4_mips.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch4_mips.deb
PowerPC:
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch4_powerpc.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch4_powerpc.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch4_powerpc.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch4_powerpc.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch4_powerpc.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch4_powerpc.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4_powerpc.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch4_sparc.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch4_sparc.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch4_sparc.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch4_sparc.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch4_sparc.deb
http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch4_sparc.deb
http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch4_sparc.deb

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.dsc
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.diff.gz
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6.orig.tar.gz
Alpha:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_amd64.deb
HP Precision:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_ia64.deb
Big-endian MIPS:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mips.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_powerpc.deb
Sun Sparc:
http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_sparc.deb

MD5 checksums of the listed files are available in the original advisory.