Lucene search

Debian Security Bug TrackerDEBIANCVE:CVE-2017-6590

HistoryMar 09, 2017 - 7:59 p.m.

CVE-2017-6590

2017-03-0919:59:00

Debian Security Bug Tracker

security-tracker.debian.org

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it’s easy to create one. Then, it’s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.

OSVersionArchitecturePackageVersionFilename
Debian12allnetwork-manager-applet<= 1.30.0-2network-manager-applet_1.30.0-2_all.deb
Debian11allnetwork-manager-applet<= 1.20.0-3network-manager-applet_1.20.0-3_all.deb
Debian999allnetwork-manager-applet<= 1.36.0-1network-manager-applet_1.36.0-1_all.deb
Debian13allnetwork-manager-applet<= 1.36.0-1network-manager-applet_1.36.0-1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	network-manager-applet	<= 1.30.0-2	network-manager-applet_1.30.0-2_all.deb
Debian	11	all	network-manager-applet	<= 1.20.0-3	network-manager-applet_1.20.0-3_all.deb
Debian	999	all	network-manager-applet	<= 1.36.0-1	network-manager-applet_1.36.0-1_all.deb
Debian	13	all	network-manager-applet	<= 1.36.0-1	network-manager-applet_1.36.0-1_all.deb

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

6.3

Attack Vector

PHYSICAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for DEBIANCVE:CVE-2017-6590