Vulnerability Description
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | 6.06 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
- http://secunia.com/advisories/34067
- http://secunia.com/advisories/34177
- http://secunia.com/advisories/34473
- http://securitytracker.com/id?1021910
- http://securitytracker.com/id?1021911
- http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&
- http://svn.gnome.org/viewvc/network-manager-applet?view=revision&revision=1207
- http://www.debian.org/security/2009/dsa-1955
- http://www.redhat.com/support/errata/RHSA-2009-0361.html
- http://www.redhat.com/support/errata/RHSA-2009-0362.html
- http://www.securityfocus.com/bid/33966Patch
- http://www.securitytracker.com/id?1021908
- http://www.ubuntu.com/usn/USN-727-1Vendor Advisory
FAQ
What is CVE-2009-0365?
CVE-2009-0365 is a vulnerability with a CVSS score of 4.6 (MEDIUM). nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to th...
How severe is CVE-2009-0365?
CVE-2009-0365 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0365?
Check the references section above for vendor advisories and patch information. Affected products include: Ubuntu Ubuntu Linux.