Lucene search
Gentoo FoundationGLSA-201205-02HistoryMay 15, 2012 - 12:00 a.m.
ConnMan: Multiple vulnerabilities
2012-05-1500:00:00
Gentoo Foundation
security.gentoo.org
14
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.084 Low
EPSS
Percentile
94.4%
Background
ConnMan provides a daemon for managing Internet connections.
Description
Multiple vulnerabilities have been found in ConnMan:
- Errors in inet.c and rtnl.c prevent ConnMan from checking the origin of netlink messages (CVE-2012-2320).
- ConnMan does not properly check for shell escapes when requesting a hostname via DHCP (CVE-2012-2321).
- An infinite loop error exists in client.c (CVE-2012-2322).
Impact
A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All ConnMan users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/connman-1.0-r1"
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Gentoo | any | all | net-misc/connman | < 1.0-r1 | UNKNOWN |
Related
openvas
openvas
Gentoo Security Advisory GLSA 201205-02 (ConnMan)
2012-05-31 00:00:00
Gentoo Security Advisory GLSA 201205-02 (ConnMan)
2012-05-31 00:00:00
nessus
nessus
GLSA-201205-02 : ConnMan: Multiple vulnerabilities
2012-06-21 00:00:00
prion
prion
Design/Logic Flaw
2012-05-18 22:55:00
Integer overflow
2012-05-18 22:55:00
Design/Logic Flaw
2012-05-18 22:55:00
nvd
nvd
debiancve
debiancve
cvelist
cvelist
cve
cve
ubuntucve
ubuntucve
10 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.084 Low
EPSS
Percentile
94.4%
Related for GLSA-201205-02