CVE-2009-0365

2009-03-0502:30:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:C/I:N/A:N

EPSS

Percentile

10.1%

JSON

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

OSVersionArchitecturePackageVersionFilename
Debian12allnetwork-manager< 0.6.5-1network-manager_0.6.5-1_all.deb
Debian11allnetwork-manager< 0.6.5-1network-manager_0.6.5-1_all.deb
Debian999allnetwork-manager< 0.6.5-1network-manager_0.6.5-1_all.deb
Debian13allnetwork-manager< 0.6.5-1network-manager_0.6.5-1_all.deb
Debian12allnetwork-manager-applet< 0.7.0.99-1network-manager-applet_0.7.0.99-1_all.deb
Debian11allnetwork-manager-applet< 0.7.0.99-1network-manager-applet_0.7.0.99-1_all.deb
Debian999allnetwork-manager-applet< 0.7.0.99-1network-manager-applet_0.7.0.99-1_all.deb
Debian13allnetwork-manager-applet< 0.7.0.99-1network-manager-applet_0.7.0.99-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	network-manager	< 0.6.5-1	network-manager_0.6.5-1_all.deb
Debian	11	all	network-manager	< 0.6.5-1	network-manager_0.6.5-1_all.deb
Debian	999	all	network-manager	< 0.6.5-1	network-manager_0.6.5-1_all.deb
Debian	13	all	network-manager	< 0.6.5-1	network-manager_0.6.5-1_all.deb
Debian	12	all	network-manager-applet	< 0.7.0.99-1	network-manager-applet_0.7.0.99-1_all.deb
Debian	11	all	network-manager-applet	< 0.7.0.99-1	network-manager-applet_0.7.0.99-1_all.deb
Debian	999	all	network-manager-applet	< 0.7.0.99-1	network-manager-applet_0.7.0.99-1_all.deb
Debian	13	all	network-manager-applet	< 0.7.0.99-1	network-manager-applet_0.7.0.99-1_all.deb