CentOS Errata and Security Advisory CESA-2009:0362
NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times.
An information disclosure flaw was found in NetworkManager's D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. (CVE-2009-0365)
Red Hat would like to thank Ludwig Nussel for responsibly reporting this flaw.
NetworkManager users should upgrade to these updated packages, which contain a backported patch that corrects this issue.
Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2009-March/015699.html http://lists.centos.org/pipermail/centos-announce/2009-May/015904.html http://lists.centos.org/pipermail/centos-announce/2009-May/015905.html
Affected packages: NetworkManager NetworkManager-gnome
Upstream details at: https://rhn.redhat.com/errata/RHSA-2009-0362.html