Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Advisory Watch: February 27th, 2015
Linux Security Week: February 23rd, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Ubuntu: NetworkManager vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-727-1 fixed vulnerabilities in network-manager-applet. This advisory provides the corresponding updates for NetworkManager. It was discovered that NetworkManager did not properly enforce permissions when responding to dbus requests. A local user could perform dbus queries to view system and user network connection passwords and pre-shared keys.
Ubuntu Security Notice USN-727-2             March 03, 2009
network-manager vulnerability

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  network-manager-gnome           0.6.2-0ubuntu7.1

Ubuntu 8.10:
  network-manager                 0.7~~svn20081018t105859-0ubuntu1.8.10.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-727-1 fixed vulnerabilities in network-manager-applet. This advisory
provides the corresponding updates for NetworkManager.

It was discovered that NetworkManager did not properly enforce permissions when
responding to dbus requests. A local user could perform dbus queries to view
system and user network connection passwords and pre-shared keys.

Updated packages for Ubuntu 6.06 LTS:

  Source archives:
      Size/MD5:    34743 600cb7e8502953d66ee115db7f80e7e8
      Size/MD5:     1055 c5fa9f57b9b4885fc22701b2a194d4ae
      Size/MD5:  1020184 dd5d54e70d34320d302366b74a46dbb2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   121858 1091f4d13eb137d9642f869e948aa078
      Size/MD5:   127252 e57037d3d5e033c22acdf6790bd5a332
      Size/MD5:   117516 5ad2a4f299e1e8817a8738185a2c017e
      Size/MD5:   383806 652ac19c650545cfacda8b8088288b08
      Size/MD5:   105282 d76a91263f62e38d9cc491525bb92d6a
      Size/MD5:   315080 1b4411682db55d1ba47f89e359cf46d4
      Size/MD5:   252418 ecd413af32b6ca0624977221b654537f
      Size/MD5:   246526 c54e60f980ca55b3011db2a338bb76f4
      Size/MD5:   111916 042e88f2641e83f128c46da7075163a8
      Size/MD5:   116148 ea0a66b60676105aadf9d02b98b421b9
      Size/MD5:   111194 619323f4f567215ef769b442f3017546

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:   120794 e5509d2e13cf7d1c9bdcebafb106c25b
      Size/MD5:   120694 bf4587855de9b0583261fbac9dc7fcaf
      Size/MD5:   116584 b1a080871e2e129d98eef605127ce204
      Size/MD5:   344318 ae65186e75641ebec2b727e94d30c7c2
      Size/MD5:   105284 cc1442a71b1a094bc83da1cf5bab16c4
      Size/MD5:   287922 922c4210cbc75cd3bdb44ff0b3079114
      Size/MD5:   240778 d2d4c1540a359fe98c1c7772b4c017c7
      Size/MD5:   227720 4010298ffdebc042822509f15f0bb546
      Size/MD5:   110910 e8c43189983fb32c8acf7f2d0d9fa14d
      Size/MD5:   114384 1ba62785c9140ecd3089b245d0810c6d
      Size/MD5:   109904 66ee6b1be8fbd94e8efb2b7f107830a1

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   123122 1a6f1e635c3dc77cc22bdfd7bb60bc11
      Size/MD5:   127272 0210f69f718d82ece63aed25e74d402b
      Size/MD5:   119154 88c0decef4748240a22b09154f141616
      Size/MD5:   379006 e2c84cd5f803d99f8d41c817375098c8
      Size/MD5:   105290 c69253d41131324fa18f7e0e759d9202
      Size/MD5:   307174 adeffed37388baa98cdf56edbce1ed84
      Size/MD5:   246574 e57477ee9b34ac26987b8ba70343f112
      Size/MD5:   241916 f069122433b555d066510821cfcc0d0b
      Size/MD5:   112090 03dbe4aaf71c5836296f627ae7bad604
      Size/MD5:   116776 efc5f6e58a3a479d0edc36b102e34e69
      Size/MD5:   111912 c860c571d36875ff394d24a8ecbcb317

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   123078 189c7233442448f0b9d42f6ccc9d65a7
      Size/MD5:   122076 f7534c8a43b2b8b6b0b1125f60f70e52
      Size/MD5:   118472 ea1c7f1bfc59384ce03875fe980b14dc
      Size/MD5:   340152 294d1c6ac8e1f96681b084c5ff4432ea
      Size/MD5:   105284 e0a0e396ac51ca61d3a8d4009dbd8378
      Size/MD5:   286406 1515545d5f8479c2b4dd9a9781ca80bf
      Size/MD5:   240640 53c83f717806730239346aadb092128c
      Size/MD5:   230482 c2cd805ee8d49605628049cc2085a1cf
      Size/MD5:   111890 be5c94248904858e4d02c941c1419b7c
      Size/MD5:   114498 5a5b1e42901b5b48d5ea9add28420f57
      Size/MD5:   110476 cb0ad802dcfd9293220d86884e00b45a

Updated packages for Ubuntu 8.10:

  Source archives:
      Size/MD5:    53080 0f19cb4cbb0bfdab4ca52e9b9c73cb12
      Size/MD5:     1844 0f0437a7643d7d9666a98b34eb1c6948
      Size/MD5:  1212180 69beaf9748236aa52b10171260089eab

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):
      Size/MD5:   112584 830c5716079c81073e010497412b2d48
      Size/MD5:    62498 611af9f6d4c3e2b0d785a777bb30e149
      Size/MD5:    77692 591bd10891213c11296705dbc1e73d0b
      Size/MD5:    77264 2821140fb2f561650962866e147ecf1b
      Size/MD5:     6356 6850c4113c56037851a42e6b706dd7d8
      Size/MD5:   290368 cb39ed7239bece30200f13f4d7300ca6

  i386 architecture (x86 compatible Intel/AMD):
      Size/MD5:    98336 be6f99056369a30d57df9ff0240eeef5
      Size/MD5:    55008 a869f6812bc638821d11a3cc044fec2f
      Size/MD5:    66950 bfa354627928981f817742918735918e
      Size/MD5:    72056 b2093f43d1ce34cc3e5624e602d321c3
      Size/MD5:     6354 fe0716a4d4bcbbc03b2fd8acc06e913e
      Size/MD5:   263832 54b49d875cbeadd055e4ee7a9ce9219a

  lpia architecture (Low Power Intel Architecture):
      Size/MD5:    97636 bba139127632134dd61918e386cff27d
      Size/MD5:    52826 b52a1cf3fdfc5e7b2eefb4407eb768a1
      Size/MD5:    66264 39caaf9daa21e5941ed232caae184660
      Size/MD5:    70742 93cefabc57ba5a3253f5795e13023a9a
      Size/MD5:     6362 ef1f2fcb9de3a441faa97a496cdeeffe
      Size/MD5:   259708 ab41d397cf87f04dca4631ba9570393a

  powerpc architecture (Apple Macintosh G3/G4/G5):
      Size/MD5:   111880 719ce51233b96a89de6c55250a21a82b
      Size/MD5:    62218 ca9910877eddbc1aedc8c1c59ccc1fe8
      Size/MD5:    81850 2eddceb9dc6f356759bdc0989e02b9aa
      Size/MD5:    79320 46fc422fa935e1e608a34e0fd41691f2
      Size/MD5:     6358 ed0c910660a9f86bb9e33cc50bb76bf7
      Size/MD5:   297306 e787cc3e105e34a1a703f9323e712099

  sparc architecture (Sun SPARC/UltraSPARC):
      Size/MD5:   104144 0c4f78e6bab71a11c1e1540266512169
      Size/MD5:    56428 f368a9c8694eaaed9e91db1efec4ffb1
      Size/MD5:    72740 1567dfe6b161af503c63d0eef70c930c
      Size/MD5:    73998 3473cc4be864c95a054bb7608c32d7a0
      Size/MD5:     6362 ad5c2d9d34043867d6407caac1731f87
      Size/MD5:   265632 b292daa57f5178e7a88651eb9e133d7a

< Prev   Next >


Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
DDoS Exploit Targets Open Source Rejetto HFS
Gemalto Confirms It Was Hacked But Insists the NSA Didnít Get Its Crypto Keys
Hackers exploit router flaws in unusual pharming attack
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.