Vulnerability Description
GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | 8.10 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
- http://secunia.com/advisories/34067
- http://secunia.com/advisories/34473
- http://www.redhat.com/support/errata/RHSA-2009-0361.html
- http://www.securityfocus.com/bid/33966
- http://www.securitytracker.com/id?1021909
- http://www.ubuntu.com/usn/USN-727-1Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=487752
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49063
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
- http://secunia.com/advisories/34067
- http://secunia.com/advisories/34473
FAQ
What is CVE-2009-0578?
CVE-2009-0578 is a vulnerability with a CVSS score of 6.2 (MEDIUM). GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary ...
How severe is CVE-2009-0578?
CVE-2009-0578 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0578?
Check the references section above for vendor advisories and patch information. Affected products include: Ubuntu Ubuntu Linux.