Lucene search
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.SL_20090325_NETWORKMANAGER_ON_SL4_X.NASLHistoryAug 01, 2012 - 12:00 a.m.
Scientific Linux Security Update : NetworkManager on SL4.x, SL5.x i386/x86_64
2012-08-0100:00:00
This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
CVSS2
6.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:N/I:C/A:C
EPSS
0
Percentile
10.1%
An information disclosure flaw was found in NetworkManagerβs D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. (CVE-2009-0365)
A potential denial of service flaw was found in NetworkManagerβs D-Bus interface. A local user could leverage this flaw to modify local connection settings, preventing the systemβs network connection from functioning properly. (CVE-2009-0578)
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(60554);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2009-0365", "CVE-2009-0578");
script_name(english:"Scientific Linux Security Update : NetworkManager on SL4.x, SL5.x i386/x86_64");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"An information disclosure flaw was found in NetworkManager's D-Bus
interface. A local attacker could leverage this flaw to discover
sensitive information, such as network connection passwords and
pre-shared keys. (CVE-2009-0365)
A potential denial of service flaw was found in NetworkManager's D-Bus
interface. A local user could leverage this flaw to modify local
connection settings, preventing the system's network connection from
functioning properly. (CVE-2009-0578)"
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind0903&L=scientific-linux-errata&T=0&P=2984
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?e7b95413"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
script_set_attribute(attribute:"canvas_package", value:'CANVAS');
script_cwe_id(264);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"patch_publication_date", value:"2009/03/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2012/08/01");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL4", reference:"NetworkManager-0.3.1-5.el4")) flag++;
if (rpm_check(release:"SL4", reference:"NetworkManager-gnome-0.3.1-5.el4")) flag++;
if (rpm_check(release:"SL5", reference:"NetworkManager-0.7.0-4.el5_3")) flag++;
if (rpm_check(release:"SL5", reference:"NetworkManager-devel-0.7.0-4.el5_3")) flag++;
if (rpm_check(release:"SL5", reference:"NetworkManager-glib-0.7.0-4.el5_3")) flag++;
if (rpm_check(release:"SL5", reference:"NetworkManager-glib-devel-0.7.0-4.el5_3")) flag++;
if (rpm_check(release:"SL5", reference:"NetworkManager-gnome-0.7.0-4.el5_3")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Related
fedora
fedora
[SECURITY] Fedora 10 Update: knetworkmanager-0.7-0.8.20080926svn.fc10
2009-03-08 19:34:52
[SECURITY] Fedora 9 Update: NetworkManager-pptp-0.7.0.99-1.fc9
2009-03-08 19:32:04
[SECURITY] Fedora 10 Update: NetworkManager-0.7.0.99-1.fc10
2009-03-08 19:34:52
openvas
openvas
CentOS Update for NetworkManager CESA-2009:0361 centos5 i386
2011-08-09 00:00:00
RedHat Security Advisory RHSA-2009:0361
2009-03-31 00:00:00
SLES10: Security update for NetworkManager-gnome
2009-10-13 00:00:00
nessus
nessus
CentOS 4 : NetworkManager (CESA-2009:0362)
2009-05-26 00:00:00
openSUSE Security Update : ModemManager (ModemManager-564)
2009-07-21 00:00:00
SuSE 10 Security Update : NetworkManager-gnome (ZYPP Patch Number 6028)
2009-09-24 00:00:00
securityvulns
securityvulns
[USN-727-1] network-manager-applet vulnerabilities
2009-03-04 00:00:00
Gnome network-manager-applet unauthorized access
2010-01-17 00:00:00
[USN-727-2] NetworkManager vulnerability
2009-03-04 00:00:00
oraclelinux
oraclelinux
NetworkManager security update
2009-03-25 00:00:00
NetworkManager security update
2009-03-25 00:00:00
seebug
seebug
Ubuntu network-manager-appletιθ――ζιιεΆζΌζ΄
2009-03-06 00:00:00
ubuntu
ubuntu
network-manager-applet vulnerabilities
2009-03-03 00:00:00
NetworkManager vulnerability
2009-03-03 00:00:00
centos
centos
NetworkManager security update
2009-04-09 09:10:05
NetworkManager security update
2009-03-26 17:13:41
redhat
redhat
(RHSA-2009:0361) Moderate: NetworkManager security update
2009-03-25 00:00:00
(RHSA-2009:0362) Moderate: NetworkManager security update
2009-03-25 00:00:00
suse
suse
local privilege escalation in dbus-1, hal, NetworkManager, PackageKit, ...
2009-03-17 17:12:10
prion
prion
Design/Logic Flaw
2009-03-05 02:30:00
Design/Logic Flaw
2009-03-05 02:30:00
canvas
canvas
Immunity Canvas: NETWORKMANAGERUNSECRET
2009-03-05 02:30:00
osv
osv
network-manager network-manager-applet - information disclosure
2009-12-16 00:00:00
ubuntucve
ubuntucve
CVE-2009-0365
2009-03-05 00:00:00
CVE-2009-0578
2009-03-05 00:00:00
debian
debian
debiancve
debiancve
CVE-2009-0365
2009-03-05 02:30:00
CVE-2009-0578
2009-03-05 02:30:00
veracode
veracode
Information Disclosure
2020-04-10 00:31:47
Privilege Escalation
2020-04-10 00:31:48
cvelist
cvelist
CVE-2009-0365
2009-03-05 02:00:00
CVE-2009-0578
2009-03-05 02:00:00
nvd
nvd
CVE-2009-0365
2009-03-05 02:30:00
CVE-2009-0578
2009-03-05 02:30:00
cve
cve
CVE-2009-0365
2009-03-05 02:30:00
CVE-2009-0578
2009-03-05 02:30:00
CVSS2
6.2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:S/C:N/I:C/A:C
EPSS
0
Percentile
10.1%
Related for SL_20090325_NETWORKMANAGER_ON_SL4_X.NASL