CVE-2015-0272 – NetworkManager: remote DoS using IPv6 RA with bogus MTU
https://notcve.org/view.php?id=CVE-2015-0272
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. NOME NetworkManager permite a atacantes remotos causar una denegación de servicio (interrupción del tráfico IPv6) a través de un valor MTU manipulado en un mensaje Router Advertisement (RA) IPv6, una vulnerabilidad diferente a CVE-2015-8215. It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. • http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org/opensuse-security • CWE-20: Improper Input Validation •
CVE-2012-2736
https://notcve.org/view.php?id=CVE-2012-2736
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. En NetworkManager versión 0.9.2.0, cuando una nueva red inalámbrica fue creada con seguridad WPA/WPA2 en modo AdHoc, creó una red abierta y no segura. • http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html http://www.openwall.com/lists/oss-security/2012/06/15/2 http://www.openwall.com/lists/oss-security/2012/06/15/4 http://www.ubuntu.com/usn/USN-1483-1 http://www.ubuntu.com/usn/USN-1483-2 https://access.redhat.com/security/cve/cve-2012-2736 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2736 https://security-tracker.debian.org/tracker/CVE-2012-2736 • CWE-306: Missing Authentication for Critical Function •
CVE-2011-3364 – NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name
https://notcve.org/view.php?id=CVE-2011-3364
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. Vulnerabilidad de lista negra incompleta en la función svEscape en el fichero settings/plugins/ifcfg-rh/shvar.c del complemento ifcfg-rh para GNOME NetworkManager v0.9.1, v0.9.0, v0.8.1 y posiblemente otras versiones, cuando PolicyKit esta configurado para permitir a los usuarios crear nuevas conexiones, permite a usuarios locales ejecutar comandos de su elección a través de un carácter de nueva línea en el nombre de una nueva conexión de red, el cual no correctamente tratado al escribir en el fichero ifcfg. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:171 http://www.redhat.com/support/errata/RHSA-2011-1338.html http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation https://bugzilla.redhat.com/show_bug.cgi?id=737338 https://access.redhat.com/security/cve/CVE-2011-3364 •
CVE-2011-2176 – NetworkManager: Did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
https://notcve.org/view.php?id=CVE-2011-2176
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors. GNOME NetworkManager antes de v0.8.6 G no aplica correctamente el elemento auth_admin de PolicyKit, lo que permite a usuarios locales eludir restricciones intencionadas en el intercambio de redes inalámbricas a través de vectores no especificados. • http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063665.html http://secunia.com/advisories/44858 http://securitytracker.com/id?1025711 http://www.mandriva.com/security/advisories?name=MDVSA-2011:171 http://www.redhat.com/support/errata/RHSA-2011-0930.html https://bugzilla.redhat.com/show_bug.cgi?id=709662 https://access.redhat.com/security/cve/CVE-2011-2176 • CWE-287: Improper Authentication •
CVE-2011-1943
https://notcve.org/view.php?id=CVE-2011-1943
The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file. La función destroy_one_secret en nm-setting-vpn.c en libnm-util en el paquete de NetworkManager v0.8.999-3.git20110526 en Fedora 15 crea una entrada de registro que contiene una contraseña del certificado, que permite a usuarios locales obtener información sensible mediante la lectura de un archivo de registro. • http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6 http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061329.html http://www.openwall.com/lists/oss-security/2011/05/31/6 http://www.openwall.com/lists/oss-security/2011/05/31/7 https://bugzilla.redhat.com/show_bug.cgi?id=708876 https://exchange.xforce.ibmcloud.com/vulnerabilities/68057 • CWE-532: Insertion of Sensitive Information into Log File •