CVE-2009-4145

Published: 23 December 2009

nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.

Notes

Author	Note
mdeslaur	reproducer in RH bug already fixed in 0.8

Priority

Status

Package	Release	Status
network-manager Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	hardy	Not vulnerable
	intrepid	Not vulnerable
	jaunty	Not vulnerable
	karmic	Not vulnerable
	upstream	Needed
network-manager-applet Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Not vulnerable (0.6.6-0ubuntu3.1)
	intrepid	Released (0.7~~svn20081020t000444-0ubuntu1.8.10.3)
	jaunty	Released (0.7.1~rc4.1-0ubuntu2.1)
	karmic	Not vulnerable (0.8~a~git.20091014t134532.4033e62-0ubuntu1)
	upstream	Needed
	Patches: upstream: http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894 upstream: http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2 upstream: http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8677b82ed7166a1c754aa9aab4e85123819ad545 (fixes regression)

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›