LinuxSecurity.com
Mandriva: 2011:171: networkmanager
Posted by Benjamin D. Thomas
Security issues were identified and fixed in networkmanager: GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:171
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : networkmanager
 Date    : November 11, 2011
 Affected: 2011.
 _______________________________________________________________________

 Problem Description:

 Security issues were identified and fixed in networkmanager:
 
 GNOME NetworkManager before 0.8.6 does not properly enforce the
 auth_admin element in PolicyKit, which allows local users to bypass
 intended wireless network sharing restrictions via unspecified vectors
 (CVE-2011-2176).
 
 Incomplete blacklist vulnerability in the svEscape function in
 settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME
 NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when
 PolicyKit is configured to allow users to create new connections,
 allows local users to execute arbitrary commands via a newline
 character in the name for a new network connection, which is not
 properly handled when writing to the ifcfg file (CVE-2011-3364).
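
 An added illustration of the incomplete-blacklist pattern described for CVE-2011-3364, shown beside a hardened form. It is not code from this advisory or from NetworkManager's shvar.c. The function names, the character list and the sample connection name are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
/* Shared core: backslash-escape what stays special inside double quotes. */
static size_t emit(const char *in, char *out, size_t cap, int quote, int drop_ctrl)
{
    size_t n = 0;
    if (cap < 3) { if (cap) out[0] = '\0'; return 0; }
    if (quote) out[n++] = '"';
    for (; *in && n + 3 < cap; in++) {
        if (drop_ctrl && iscntrl((unsigned char)*in)) continue;
        if (strchr("\"\\$`", *in)) out[n++] = '\\';
        out[n++] = *in;
    }
    if (quote) out[n++] = '"';
    out[n] = '\0';
    return n;
}

/* Incomplete blacklist (illustrative): quote only when a listed character is
 * present. '\n' and '\r' are not listed, so such a value is written raw. */
size_t escape_blacklist(const char *in, char *out, size_t cap)
{
    return emit(in, out, cap, strpbrk(in, "\"'\\$~`\t ") != NULL, 0);
}

/* Hardened: always quote and drop every control character, CR/LF included. */
size_t escape_hardened(const char *in, char *out, size_t cap)
{
    return emit(in, out, cap, 1, 1);
}

/* Lines a line-oriented reader or sourcing shell sees in "NAME=<value>". */
int record_lines(const char *value)
{
    int lines = 1;
    for (; *value; value++) lines += (*value == '\n');
    return lines;
}

int main(void)
{
    const char *name = "cafe-wifi\nINJECTED_KEY=1"; /* constructed input */
    char weak[128], safe[128];
    escape_blacklist(name, weak, sizeof weak);
    escape_hardened(name, safe, sizeof safe);
    printf("blacklist: %d line(s); hardened: %d line(s), NAME=%s\n",
           record_lines(weak), record_lines(safe), safe);
    return 0;
}
```

 The check that matters is that one setting always serializes to exactly one line of the ifcfg file, whatever the user typed as the connection name.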
 
 Instead of patching networkmanager, the latest 0.8.6.0 stable
 version is being provided due to the large number of bugs fixed
 upstream. The networkmanager-applet, networkmanager-openconnect,
 networkmanager-openvpn, networkmanager-pptp and networkmanager-vpnc
 packages are also being provided in their latest 0.8.6.0 stable
 versions.
 
 The provided packages solve these security vulnerabilities.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2176
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3364
 http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8
 _______________________________________________________________________

 Updated Packages:

 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________
 