Published: 05/03/2009 Updated: 29/09/2017

CVSS v2 Base Score: 4.6 | Impact Score: 6.9 | Exploitability Score: 3.1

VMScore: 409

Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N

nm-applet.conf in GNOME NetworkManager prior to 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

Vulnerable Product	Search on Vulmon	Subscribe to Product
ubuntu ubuntu linux 6.06
ubuntu ubuntu linux 8.10
ubuntu ubuntu linux 7.10
ubuntu ubuntu linux 8.04

Debian Bug report logs - #519801 CVE-2009-0365, CVE-2009-0578 Package: network-manager-applet; Maintainer for network-manager-applet is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Reported by: Giuseppe Iuculano <giuseppe@iuculanoit> Date: Sun, 15 Mar 2009 10:42:01 UTC Severity: serious ...

Synopsis Moderate: NetworkManager security update Type/Severity Security Advisory: Moderate Topic Updated NetworkManager packages that fix a security issue are now availablefor Red Hat Enterprise Linux 4This update has been rated as having moderate security impact by the RedHat Security Response Team ...

Synopsis Moderate: NetworkManager security update Type/Severity Security Advisory: Moderate Topic Updated NetworkManager packages that fix two security issues are nowavailable for Red Hat Enterprise Linux 5This update has been rated as having moderate security impact by the RedHat Security Response Team ...

USN-727-1 fixed vulnerabilities in network-manager-applet This advisory provides the corresponding updates for NetworkManager ...

It was discovered that network-manager-applet did not properly enforce permissions when responding to dbus requests A local user could perform dbus queries to view other users’ network connection passwords and pre-shared keys (CVE-2009-0365) ...

It was discovered that network-manager-applet, a network management framework, lacks some dbus restriction rules, which allows local users to obtain sensitive information If you have locally modified the /etc/dbus-1/systemd/nm-appletconf file, then please make sure that you merge the changes from this fix when asked during upgrade For the oldst ...

CWE-264 http://www.ubuntu.com/usn/USN-727-2 http://www.ubuntu.com/usn/USN-727-1 http://www.securityfocus.com/bid/33966 http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html http://www.redhat.com/support/errata/RHSA-2009-0362.html http://secunia.com/advisories/34177 http://svn.gnome.org/viewvc/network-manager-applet?view=revision&revision=1207 http://www.securitytracker.com/id?1021908 http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&r2=1207&pathrev=1207 http://securitytracker.com/id?1021911 https://bugzilla.redhat.com/show_bug.cgi?id=487722 http://securitytracker.com/id?1021910 http://secunia.com/advisories/34473 http://www.redhat.com/support/errata/RHSA-2009-0361.html https://bugzilla.redhat.com/show_bug.cgi?id=487752 http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.debian.org/security/2009/dsa-1955 http://secunia.com/advisories/34067 https://exchange.xforce.ibmcloud.com/vulnerabilities/49062 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10828 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519801 https://nvd.nist.gov https://usn.ubuntu.com/727-2/

CVE-2009-0365

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect