network-manager-applet vulnerabilities

2009-03-0300:00:00

ubuntu.com

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:S/C:N/I:C/A:C

AI Score

Confidence

Low

EPSS

Percentile

10.1%

JSON

Releases

Ubuntu 8.10
Ubuntu 8.04
Ubuntu 7.10

Packages

network-manager-applet -

Details

It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus requests. A local user could perform dbus
queries to view other users’ network connection passwords and pre-shared keys.
(CVE-2009-0365)

It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus modify and delete requests. A local user
could use dbus to modify or delete other users’ network connections. This issue
only applied to Ubuntu 8.10. (CVE-2009-0578)

OSVersionArchitecturePackageVersionFilename
Ubuntu8.10noarchnetwork-manager-gnome< 0.7~~svn20081020t000444-0ubuntu1.8.10.2UNKNOWN
Ubuntu8.04noarchnetwork-manager-gnome< 0.6.6-0ubuntu3.1UNKNOWN
Ubuntu7.10noarchnetwork-manager-gnome< 0.6.5-0ubuntu11~7.10.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	8.10	noarch	network-manager-gnome	< 0.7~~svn20081020t000444-0ubuntu1.8.10.2	UNKNOWN
Ubuntu	8.04	noarch	network-manager-gnome	< 0.6.6-0ubuntu3.1	UNKNOWN
Ubuntu	7.10	noarch	network-manager-gnome	< 0.6.5-0ubuntu11~7.10.1	UNKNOWN