Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2011-3364
HistoryNov 04, 2011 - 12:00 a.m.

CVE-2011-3364

2011-11-0400:00:00
ubuntu.com
ubuntu.com
9

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

5.1%

JSON

Incomplete blacklist vulnerability in the svEscape function in
settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME
NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when
PolicyKit is configured to allow users to create new connections, allows
local users to execute arbitrary commands via a newline character in the
name for a new network connection, which is not properly handled when
writing to the ifcfg file.

Bugs

Notes

Author Note
mdeslaur This is for the redhat-specific plugin, but we need to check if the debian plugin has the same flaw, as it may be based on the same code We don’t look vulnerable to this, and embedded newline chars seem to be handled correctly.

Related

nessus 7
redhat 1
openvas 9
cvelist 1
cve 1
debiancve 1
oraclelinux 1
prion 1
fedora 3
veracode 1
nvd 1
nessus
nessus
Oracle Linux 6 : NetworkManager (ELSA-2011-1338)
2013-07-12 00:00:00
Scientific Linux Security Update : NetworkManager on SL6.x i386/x86_64
2012-08-01 00:00:00
RHEL 6 : NetworkManager (RHSA-2011:1338)
2011-09-27 00:00:00
redhat
redhat
(RHSA-2011:1338) Moderate: NetworkManager security update
2011-09-26 00:00:00
openvas
openvas
RedHat Update for NetworkManager RHSA-2011:1338-01
2012-07-09 00:00:00
RedHat Update for NetworkManager RHSA-2011:1338-01
2012-07-09 00:00:00
Fedora Update for NetworkManager FEDORA-2011-13401
2011-10-10 00:00:00
cvelist
cvelist
CVE-2011-3364
2011-11-04 21:00:00
cve
cve
CVE-2011-3364
2011-11-04 21:55:03
debiancve
debiancve
CVE-2011-3364
2011-11-04 21:55:03
oraclelinux
oraclelinux
NetworkManager security update
2011-09-26 00:00:00
prion
prion
Design/Logic Flaw
2011-11-04 21:55:00
fedora
fedora
[SECURITY] Fedora 16 Update: NetworkManager-0.9.1.90-3.git20110927.fc16
2011-09-30 19:31:09
[SECURITY] Fedora 14 Update: NetworkManager-0.8.5.92-1.git20110927.fc14
2011-10-08 18:02:34
[SECURITY] Fedora 15 Update: NetworkManager-0.9.1.90-1.git20110927.fc15
2011-09-29 23:30:32
veracode
veracode
Privilege Escalation
2020-04-10 01:05:41
nvd
nvd
CVE-2011-3364
2011-11-04 21:55:03

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

5.1%

JSON
Related for UB:CVE-2011-3364
nessus7redhat1openvas9cvelist1cve1debiancve1oraclelinux1prion1fedora3veracode1nvd1