
CVSS: 3.3 | EPSS: 1% | CPEs: 1 | EXPL: 0

The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.

A flaw was found in the way NetworkManager handled router advertisements. An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination.

• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157803.html
• http://lists.fedoraproject.org/pipermail/package-announce/2015-May/158103.html
• http://openwall.com/lists/oss-security/2015/04/04/2
• http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
• http://www.securityfocus.com/bid/76879
• https://security.gentoo.org/glsa/201509-05
• https://access.redhat.com/security/cve/CVE-2015-2924
• https://bugzilla.redhat.com/show_bug.cgi?id=1209902

• CWE-20: Improper Input Validation
• CWE-358: Improperly Implemented Security Check for Standard

CVSS: 5.0 | EPSS: 2% | CPEs: 25 | EXPL: 0

GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.

It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication.

• http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9
• http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00035.html
• http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00026.html
• http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00031.html
• http://lists.opensuse.org/opensuse-security&#

• CWE-20: Improper Input Validation

CVSS: 2.1 | EPSS: 0% | CPEs: 16 | EXPL: 0

GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.

• http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8
• http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063665.html
• http://secunia.com/advisories/44858
• http://securitytracker.com/id?1025711
• http://www.mandriva.com/security/advisories?name=MDVSA-2011:171
• http://www.redhat.com/support/errata/RHSA-2011-0930.html
• https://bugzilla.redhat.com/show_bug.cgi?id=709662
• https://access.redhat.com/security/cve/CVE-2011-2176

• CWE-287: Improper Authentication

CVSS: 2.1 | EPSS: 0% | CPEs: 2 | EXPL: 0

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.

• http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6
• http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061329.html
• http://www.openwall.com/lists/oss-security/2011/05/31/6
• http://www.openwall.com/lists/oss-security/2011/05/31/7
• https://bugzilla.redhat.com/show_bug.cgi?id=708876
• https://exchange.xforce.ibmcloud.com/vulnerabilities/68057

• CWE-532: Insertion of Sensitive Information into Log File

CVSS: 6.8 | EPSS: 1% | CPEs: 1 | EXPL: 0

NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067
• http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b
• http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
• http://secunia.com/advisories/38420
• http://www.openwall.com/lists/oss-security/2009/12/16/3
• http://www.redhat.com/support/errata/RHSA-2010-0108.html
• http://www.securityfocus.com/bid/37580
• https://bugzilla.redhat.com/show_bug.cgi

• CWE-310: Cryptographic Issues