Published: 17/07/2017 Updated: 21/07/2017
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 6.2 | Impact Score: 3.6 | Exploitability Score: 2.5
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Race condition in Network Manager prior to 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.

Vulnerability Trend

Affected Products

Vendor Product Versions
RedhatNetwork Manager1.0.8

Vendor Advisories

Debian Bug report logs - #820354 network-manager: CVE-2016-0764: Race conditions that could disclose connection secrets to authenticated local users Package: src:network-manager; Maintainer for src:network-manager is Utopia Maintenance Team <pkg-utopia-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso &l ...
A race condition vulnerability was discovered in NetworkManager Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys ...
Oracle Linux Bulletin - October 2016 Description The Oracle Linux Bulletin lists all CVEs that had been resolved and announced in Oracle Linux Security Advisories (ELSA) in the last one month prior to the release of the bulletin Oracle Linux Bulletins are published on the same day as Oracle Critical ...