[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-0365Date: (C)2009-03-04   (M)2023-12-22


nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.6
Exploit Score: 3.1
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality: COMPLETE
Integrity: NONE
Availability: NONE
  
Reference:
SECTRACK-1021908
SECTRACK-1021910
SECTRACK-1021911
BID-33966
SECUNIA-34067
SECUNIA-34177
SECUNIA-34473
DSA-1955
RHSA-2009:0361
RHSA-2009:0362
SUSE-SA:2009:013
SUSE-SR:2009:009
USN-727-1
USN-727-2
http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&r2=1207&pathrev=1207
http://svn.gnome.org/viewvc/network-manager-applet?view=revision&revision=1207
https://bugzilla.redhat.com/show_bug.cgi?id=487722
https://bugzilla.redhat.com/show_bug.cgi?id=487752
networkmanager-dbus-info-disclosure(49062)
oval:org.mitre.oval:def:10828

CPE    2
cpe:/o:ubuntu:ubuntu_linux:8.10
cpe:/o:ubuntu:ubuntu_linux:7.10
CWE    1
CWE-264
OVAL    23
oval:org.secpod.oval:def:400083
oval:org.secpod.oval:def:101933
oval:org.secpod.oval:def:101556
oval:org.secpod.oval:def:101654
...

© SecPod Technologies