CVE-2016-0764 – NetworkManager: Race condition allowing info leak
https://notcve.org/view.php?id=CVE-2016-0764
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes. Una condición de carrera en Network Manager anterior a versión 1.0.12 como empaquetado en Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7 y Red Hat Enterprise Linux Workstation 7, permite a los usuarios locales obtener información de conexión confidencial mediante la lectura de archivos temporales durante cambios de ifcfg y keyfile. A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. • http://rhn.redhat.com/errata/RHSA-2016-2581.html https://bugzilla.redhat.com/show_bug.cgi?id=1324025 https://access.redhat.com/security/cve/CVE-2016-0764 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2015-2924 – NetworkManager: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements
https://notcve.org/view.php?id=CVE-2015-2924
The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922. La función receive_ra en rdisc/nm-lndp-rdisc.c en la implementación del protocolo Neighbor Discovery (ND) en la pila IPv6 en NetworkManager 1.x permite a atacantes remotos reconfigurar un ajuste de límite de salto a través de un valor hop_limit pequeño en un mensaje Router Advertisement (RA), un problema similar a CVE-2015-2922. A flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination. • http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158103.html http://openwall.com/lists/oss-security/2015/04/04/2 http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html http://www.securityfocus.com/bid/76879 https://security.gentoo.org/glsa/201509-05 https://access.redhat.com/security/cve/CVE-2015-2924 https://bugzilla.redhat.com/show_bug.cgi?id=1209902 • CWE-20: Improper Input Validation CWE-358: Improperly Implemented Security Check for Standard •
CVE-2015-0272 – NetworkManager: remote DoS using IPv6 RA with bogus MTU
https://notcve.org/view.php?id=CVE-2015-0272
GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215. NOME NetworkManager permite a atacantes remotos causar una denegación de servicio (interrupción del tráfico IPv6) a través de un valor MTU manipulado en un mensaje Router Advertisement (RA) IPv6, una vulnerabilidad diferente a CVE-2015-8215. It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. • http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html http://lists.opensuse.org/opensuse-security • CWE-20: Improper Input Validation •
CVE-2012-2736
https://notcve.org/view.php?id=CVE-2012-2736
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network. En NetworkManager versión 0.9.2.0, cuando una nueva red inalámbrica fue creada con seguridad WPA/WPA2 en modo AdHoc, creó una red abierta y no segura. • http://lists.opensuse.org/opensuse-updates/2012-09/msg00049.html http://www.openwall.com/lists/oss-security/2012/06/15/2 http://www.openwall.com/lists/oss-security/2012/06/15/4 http://www.ubuntu.com/usn/USN-1483-1 http://www.ubuntu.com/usn/USN-1483-2 https://access.redhat.com/security/cve/cve-2012-2736 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2736 https://security-tracker.debian.org/tracker/CVE-2012-2736 • CWE-306: Missing Authentication for Critical Function •
CVE-2011-3364 – NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name
https://notcve.org/view.php?id=CVE-2011-3364
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. Vulnerabilidad de lista negra incompleta en la función svEscape en el fichero settings/plugins/ifcfg-rh/shvar.c del complemento ifcfg-rh para GNOME NetworkManager v0.9.1, v0.9.0, v0.8.1 y posiblemente otras versiones, cuando PolicyKit esta configurado para permitir a los usuarios crear nuevas conexiones, permite a usuarios locales ejecutar comandos de su elección a través de un carácter de nueva línea en el nombre de una nueva conexión de red, el cual no correctamente tratado al escribir en el fichero ifcfg. • http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:171 http://www.redhat.com/support/errata/RHSA-2011-1338.html http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation https://bugzilla.redhat.com/show_bug.cgi?id=737338 https://access.redhat.com/security/cve/CVE-2011-3364 •