Lucene search

GoogleOSV:DSA-1955-1

HistoryDec 16, 2009 - 12:00 a.m.

network-manager network-manager-applet - information disclosure

2009-12-1600:00:00

Google

osv.dev

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:C/I:N/A:N

JSON

It was discovered that network-manager-applet, a network management
framework, lacks some dbus restriction rules, which allows local users
to obtain sensitive information.

If you have locally modified the /etc/dbus-1/system.d/nm-applet.conf
file, then please make sure that you merge the changes from this fix
when asked during upgrade.

For the oldstable distribution (etch), this problem has been fixed in
version 0.6.4-6+etch1 of network-manager.

For the stable distribution (lenny), this problem has been fixed in
version 0.6.6-4+lenny1 of network-manager-applet.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 0.7.0.99-1 of
network-manager-applet.

We recommend that you upgrade your network-manager and
network-manager-applet packages accordingly.

CPENameOperatorVersion
network-manager-appleteq0.6.6-4

CPE	Name	Operator	Version
	network-manager-applet	eq	0.6.6-4

References

www.debian.org/security/2009/dsa-1955

4.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:S/C:C/I:N/A:N

JSON

Related for OSV:DSA-1955-1