LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Security Week: December 22nd, 2014
Linux Advisory Watch: December 19th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: NetworkManager vulnerability Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu USN-727-1 fixed vulnerabilities in network-manager-applet. This advisory provides the corresponding updates for NetworkManager. It was discovered that NetworkManager did not properly enforce permissions when responding to dbus requests. A local user could perform dbus queries to view system and user network connection passwords and pre-shared keys.
===========================================================
Ubuntu Security Notice USN-727-2             March 03, 2009
network-manager vulnerability
CVE-2009-0365
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  network-manager-gnome           0.6.2-0ubuntu7.1

Ubuntu 8.10:
  network-manager                 0.7~~svn20081018t105859-0ubuntu1.8.10.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

USN-727-1 fixed vulnerabilities in network-manager-applet. This advisory
provides the corresponding updates for NetworkManager.

It was discovered that NetworkManager did not properly enforce permissions when
responding to dbus requests. A local user could perform dbus queries to view
system and user network connection passwords and pre-shared keys.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.6.2-0ubuntu7.1.diff.gz
      Size/MD5:    34743 600cb7e8502953d66ee115db7f80e7e8
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.6.2-0ubuntu7.1.dsc
      Size/MD5:     1055 c5fa9f57b9b4885fc22701b2a194d4ae
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.6.2.orig.tar.gz
      Size/MD5:  1020184 dd5d54e70d34320d302366b74a46dbb2

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util-dev_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   121858 1091f4d13eb137d9642f869e948aa078
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0-dbg_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   127252 e57037d3d5e033c22acdf6790bd5a332
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   117516 5ad2a4f299e1e8817a8738185a2c017e
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dbg_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   383806 652ac19c650545cfacda8b8088288b08
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dev_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   105282 d76a91263f62e38d9cc491525bb92d6a
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-gnome-dbg_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   315080 1b4411682db55d1ba47f89e359cf46d4
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-gnome_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   252418 ecd413af32b6ca0624977221b654537f
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   246526 c54e60f980ca55b3011db2a338bb76f4
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib-dev_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   111916 042e88f2641e83f128c46da7075163a8
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib0-dbg_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   116148 ea0a66b60676105aadf9d02b98b421b9
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib0_0.6.2-0ubuntu7.1_amd64.deb
      Size/MD5:   111194 619323f4f567215ef769b442f3017546

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util-dev_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   120794 e5509d2e13cf7d1c9bdcebafb106c25b
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0-dbg_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   120694 bf4587855de9b0583261fbac9dc7fcaf
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   116584 b1a080871e2e129d98eef605127ce204
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dbg_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   344318 ae65186e75641ebec2b727e94d30c7c2
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dev_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   105284 cc1442a71b1a094bc83da1cf5bab16c4
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-gnome-dbg_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   287922 922c4210cbc75cd3bdb44ff0b3079114
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-gnome_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   240778 d2d4c1540a359fe98c1c7772b4c017c7
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   227720 4010298ffdebc042822509f15f0bb546
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib-dev_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   110910 e8c43189983fb32c8acf7f2d0d9fa14d
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib0-dbg_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   114384 1ba62785c9140ecd3089b245d0810c6d
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib0_0.6.2-0ubuntu7.1_i386.deb
      Size/MD5:   109904 66ee6b1be8fbd94e8efb2b7f107830a1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util-dev_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   123122 1a6f1e635c3dc77cc22bdfd7bb60bc11
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0-dbg_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   127272 0210f69f718d82ece63aed25e74d402b
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   119154 88c0decef4748240a22b09154f141616
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dbg_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   379006 e2c84cd5f803d99f8d41c817375098c8
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dev_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   105290 c69253d41131324fa18f7e0e759d9202
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-gnome-dbg_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   307174 adeffed37388baa98cdf56edbce1ed84
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-gnome_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   246574 e57477ee9b34ac26987b8ba70343f112
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   241916 f069122433b555d066510821cfcc0d0b
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib-dev_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   112090 03dbe4aaf71c5836296f627ae7bad604
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib0-dbg_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   116776 efc5f6e58a3a479d0edc36b102e34e69
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib0_0.6.2-0ubuntu7.1_powerpc.deb
      Size/MD5:   111912 c860c571d36875ff394d24a8ecbcb317

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util-dev_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   123078 189c7233442448f0b9d42f6ccc9d65a7
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0-dbg_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   122076 f7534c8a43b2b8b6b0b1125f60f70e52
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   118472 ea1c7f1bfc59384ce03875fe980b14dc
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dbg_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   340152 294d1c6ac8e1f96681b084c5ff4432ea
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dev_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   105284 e0a0e396ac51ca61d3a8d4009dbd8378
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-gnome-dbg_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   286406 1515545d5f8479c2b4dd9a9781ca80bf
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-gnome_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   240640 53c83f717806730239346aadb092128c
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   230482 c2cd805ee8d49605628049cc2085a1cf
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib-dev_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   111890 be5c94248904858e4d02c941c1419b7c
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib0-dbg_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   114498 5a5b1e42901b5b48d5ea9add28420f57
    http://security.ubuntu.com/ubuntu/pool/universe/n/network-manager/libnm-glib0_0.6.2-0ubuntu7.1_sparc.deb
      Size/MD5:   110476 cb0ad802dcfd9293220d86884e00b45a

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.7~~svn20081018t105859-0ubuntu1.8.10.2.diff.gz
      Size/MD5:    53080 0f19cb4cbb0bfdab4ca52e9b9c73cb12
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.7~~svn20081018t105859-0ubuntu1.8.10.2.dsc
      Size/MD5:     1844 0f0437a7643d7d9666a98b34eb1c6948
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.7~~svn20081018t105859.orig.tar.gz
      Size/MD5:  1212180 69beaf9748236aa52b10171260089eab

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-glib-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_amd64.deb
      Size/MD5:   112584 830c5716079c81073e010497412b2d48
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-glib0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_amd64.deb
      Size/MD5:    62498 611af9f6d4c3e2b0d785a777bb30e149
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_amd64.deb
      Size/MD5:    77692 591bd10891213c11296705dbc1e73d0b
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_amd64.deb
      Size/MD5:    77264 2821140fb2f561650962866e147ecf1b
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_amd64.deb
      Size/MD5:     6356 6850c4113c56037851a42e6b706dd7d8
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.7~~svn20081018t105859-0ubuntu1.8.10.2_amd64.deb
      Size/MD5:   290368 cb39ed7239bece30200f13f4d7300ca6

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-glib-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_i386.deb
      Size/MD5:    98336 be6f99056369a30d57df9ff0240eeef5
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-glib0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_i386.deb
      Size/MD5:    55008 a869f6812bc638821d11a3cc044fec2f
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_i386.deb
      Size/MD5:    66950 bfa354627928981f817742918735918e
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/libnm-util0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_i386.deb
      Size/MD5:    72056 b2093f43d1ce34cc3e5624e602d321c3
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_i386.deb
      Size/MD5:     6354 fe0716a4d4bcbbc03b2fd8acc06e913e
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager/network-manager_0.7~~svn20081018t105859-0ubuntu1.8.10.2_i386.deb
      Size/MD5:   263832 54b49d875cbeadd055e4ee7a9ce9219a

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-glib-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_lpia.deb
      Size/MD5:    97636 bba139127632134dd61918e386cff27d
    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-glib0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_lpia.deb
      Size/MD5:    52826 b52a1cf3fdfc5e7b2eefb4407eb768a1
    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-util-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_lpia.deb
      Size/MD5:    66264 39caaf9daa21e5941ed232caae184660
    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-util0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_lpia.deb
      Size/MD5:    70742 93cefabc57ba5a3253f5795e13023a9a
    http://ports.ubuntu.com/pool/main/n/network-manager/network-manager-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_lpia.deb
      Size/MD5:     6362 ef1f2fcb9de3a441faa97a496cdeeffe
    http://ports.ubuntu.com/pool/main/n/network-manager/network-manager_0.7~~svn20081018t105859-0ubuntu1.8.10.2_lpia.deb
      Size/MD5:   259708 ab41d397cf87f04dca4631ba9570393a

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-glib-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_powerpc.deb
      Size/MD5:   111880 719ce51233b96a89de6c55250a21a82b
    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-glib0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_powerpc.deb
      Size/MD5:    62218 ca9910877eddbc1aedc8c1c59ccc1fe8
    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-util-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_powerpc.deb
      Size/MD5:    81850 2eddceb9dc6f356759bdc0989e02b9aa
    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-util0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_powerpc.deb
      Size/MD5:    79320 46fc422fa935e1e608a34e0fd41691f2
    http://ports.ubuntu.com/pool/main/n/network-manager/network-manager-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_powerpc.deb
      Size/MD5:     6358 ed0c910660a9f86bb9e33cc50bb76bf7
    http://ports.ubuntu.com/pool/main/n/network-manager/network-manager_0.7~~svn20081018t105859-0ubuntu1.8.10.2_powerpc.deb
      Size/MD5:   297306 e787cc3e105e34a1a703f9323e712099

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-glib-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_sparc.deb
      Size/MD5:   104144 0c4f78e6bab71a11c1e1540266512169
    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-glib0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_sparc.deb
      Size/MD5:    56428 f368a9c8694eaaed9e91db1efec4ffb1
    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-util-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_sparc.deb
      Size/MD5:    72740 1567dfe6b161af503c63d0eef70c930c
    http://ports.ubuntu.com/pool/main/n/network-manager/libnm-util0_0.7~~svn20081018t105859-0ubuntu1.8.10.2_sparc.deb
      Size/MD5:    73998 3473cc4be864c95a054bb7608c32d7a0
    http://ports.ubuntu.com/pool/main/n/network-manager/network-manager-dev_0.7~~svn20081018t105859-0ubuntu1.8.10.2_sparc.deb
      Size/MD5:     6362 ad5c2d9d34043867d6407caac1731f87
    http://ports.ubuntu.com/pool/main/n/network-manager/network-manager_0.7~~svn20081018t105859-0ubuntu1.8.10.2_sparc.deb
      Size/MD5:   265632 b292daa57f5178e7a88651eb9e133d7a



 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Weekend Edition
Report: U.S. planning “proportional response” to Sony hack, blamed on North Korea
Heartbleed, Shellshock, Tor and more: The 13 biggest security stories of 2014
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.