[Secure-testing-team] Bug#519801: CVE-2009-0365, CVE-2009-0578

Giuseppe Iuculano giuseppe at iuculano.it
Sun Mar 15 10:40:21 UTC 2009


Package: network-manager-applet
Version: 0.6.6-4
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for network-manager-applet:

CVE-2009-0365[1]:
The dbus request handler in (1) network-manager-applet and (2)
NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not
properly verify privileges, which allows local users to discover (a)
network connection passwords and (b) pre-shared keys via unspecified
queries.


CVE-2009-0578[2]:
network-manager-applet in Ubuntu 8.10 does not properly verify
privileges for dbus (1) modify and (2) delete requests, which allows
local users to change or remove the network connections of arbitrary
users via unspecified vectors. 


These are already fixed in unstable, but I guess this should be fixed in
stable as well.


[1]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365
[2]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0578

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkm82w4ACgkQNxpp46476ap+ywCfdgKlbQPrEDto0zx/YuEWQRfl
AnEAoIEp5CEhzHYO8Xmft4d8AjX/7hs6
=9LWP
-----END PGP SIGNATURE-----




