Giuseppe Iuculano
2009-Mar-15 10:40 UTC
[Secure-testing-team] Bug#519801: CVE-2009-0365, CVE-2009-0578
Package: network-manager-applet Version: 0.6.6-4 Severity: serious Tags: security -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for network-manager-applet: CVE-2009-0365[1]: The dbus request handler in (1) network-manager-applet and (2) NetworkManager in Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10 does not properly verify privileges, which allows local users to discover (a) network connection passwords and (b) pre-shared keys via unspecified queries. CVE-2009-0578[2]: network-manager-applet in Ubuntu 8.10 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors. These are already fixed in unstable, but I guess this should be fixed in stable as well. [1]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365 [2]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0578 Cheers, Giuseppe. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iEYEARECAAYFAkm82w4ACgkQNxpp46476ap+ywCfdgKlbQPrEDto0zx/YuEWQRfl AnEAoIEp5CEhzHYO8Xmft4d8AjX/7hs6 =9LWP -----END PGP SIGNATURE-----