CVE-2009-4145
Published: 23 December 2009
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
Notes
| Author | Note |
|---|---|
| mdeslaur | reproducer in RH bug already fixed in 0.8 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
network-manager Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Not vulnerable
|
|
| intrepid |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| upstream |
Needed
|
|
|
network-manager-applet Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Not vulnerable
(0.6.6-0ubuntu3.1)
|
|
| intrepid |
Released
(0.7~~svn20081020t000444-0ubuntu1.8.10.3)
|
|
| jaunty |
Released
(0.7.1~rc4.1-0ubuntu2.1)
|
|
| karmic |
Not vulnerable
(0.8~a~git.20091014t134532.4033e62-0ubuntu1)
|
|
| upstream |
Needed
|
|
|
Patches: upstream: http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894 upstream: http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2 upstream: http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8677b82ed7166a1c754aa9aab4e85123819ad545 |
||