[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-4145Date: (C)2009-12-23   (M)2023-12-22


nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 2.1
Exploit Score: 3.9
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
BID-37580
SECUNIA-37819
SECUNIA-38420
RHSA-2010:0108
SUSE-SR:2010:002
http://www.openwall.com/lists/oss-security/2009/12/16/3
http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2
http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894
https://bugzilla.redhat.com/show_bug.cgi?id=546117
networkmanager-nmconnectioneditor-info-disc(54898)
oval:org.mitre.oval:def:10539

CWE    1
CWE-200
OVAL    4
oval:org.secpod.oval:def:700176
oval:org.secpod.oval:def:201920
oval:org.secpod.oval:def:201848
oval:org.secpod.oval:def:500461
...

© SecPod Technologies