NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name

🗓️ 26 Sep 2011 18:43:00Reported by RedHatType

redhat

redhat🔗 access.redhat.com👁 1 Views

NetworkManager flaw lets local users execute commands via newline in a new connection name when PolicyKit permits creation.

Reporter	Title	Published	Views	Family All 41
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
BDU FSTEC	The vulnerability of the Red Hat Enterprise Linux operating system allows malicious actors to compromise the confidentiality, integrity, and accessibility of protected information.	28 Apr 201500:00	–	bdu_fstec
CVE	CVE-2011-3364	4 Nov 201121:00	–	cve
Cvelist	CVE-2011-3364	4 Nov 201121:00	–	cvelist
Debian CVE	CVE-2011-3364	4 Nov 201121:00	–	debiancve
Oracle linux	NetworkManager security update	26 Sep 201100:00	–	oraclelinux

OS	OS Version	Architecture	Package	Package Version	Filename
Red Hat Enterprise Linux	6	i686	networkmanager	1:0.8.1-9.el6_1.3	NetworkManager-1:0.8.1-9.el6_1.3.i686.rpm
Red Hat Enterprise Linux	6	ppc64	networkmanager	1:0.8.1-9.el6_1.3	NetworkManager-1:0.8.1-9.el6_1.3.ppc64.rpm
Red Hat Enterprise Linux	6	s390x	networkmanager	1:0.8.1-9.el6_1.3	NetworkManager-1:0.8.1-9.el6_1.3.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	networkmanager	1:0.8.1-9.el6_1.3	NetworkManager-1:0.8.1-9.el6_1.3.x86_64.rpm
Red Hat Enterprise Linux	6	i686	networkmanager-debuginfo	1:0.8.1-9.el6_1.3	NetworkManager-debuginfo-1:0.8.1-9.el6_1.3.i686.rpm
Red Hat Enterprise Linux	6	ppc	networkmanager-debuginfo	1:0.8.1-9.el6_1.3	NetworkManager-debuginfo-1:0.8.1-9.el6_1.3.ppc.rpm
Red Hat Enterprise Linux	6	ppc64	networkmanager-debuginfo	1:0.8.1-9.el6_1.3	NetworkManager-debuginfo-1:0.8.1-9.el6_1.3.ppc64.rpm
Red Hat Enterprise Linux	6	s390	networkmanager-debuginfo	1:0.8.1-9.el6_1.3	NetworkManager-debuginfo-1:0.8.1-9.el6_1.3.s390.rpm
Red Hat Enterprise Linux	6	s390x	networkmanager-debuginfo	1:0.8.1-9.el6_1.3	NetworkManager-debuginfo-1:0.8.1-9.el6_1.3.s390x.rpm
Red Hat Enterprise Linux	6	x86_64	networkmanager-debuginfo	1:0.8.1-9.el6_1.3	NetworkManager-debuginfo-1:0.8.1-9.el6_1.3.x86_64.rpm

Source	Link
access	www.access.redhat.com/security/cve/CVE-2011-3364
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
nvd	www.nvd.nist.gov/vuln/detail/CVE-2011-3364
cve	www.cve.org/CVERecord

21 Nov 2025 17:39Current

7.6High risk

Vulners AI Score7.6

CVSS 26.9

EPSS0.00087

networkmanager newline vulnerability ifcfg rh plugin svEscape function policykit permissions