Miembros de
Boletines de Vulnerabilidades |
Múltiples vulnerabilidades en Network-Manager |
|
Clasificación de la vulnerabilidad |
|
| Propiedad | Valor |
| Nivel de Confianza | Oficial |
| Impacto | Aumento de privilegios |
| Dificultad | Experto |
| Requerimientos del atacante | Acceso remoto con cuenta |
Información sobre el sistema |
|
| Propiedad | Valor |
| Fabricante afectado | GNU/Linux |
| Software afectado | Network-Manager |
Descripción |
|
|
Se han descubierto múltiples vulnerabilidades en Network-Manager. Las vulnerabilidades son descritas a continuación: - CVE-2009-0365: La vulnerabilidad reside en un error en el manejador de peticiones de d-bus en el applet network-manager el cual no verifica correctamente los privilegios. Un atacante local podría descubrir contraseñas o claves compartidas en conexiones de red mediante métodos no especificados. - CVE-2009-0578: La vulnerabilidad reside en un error en el applet network-manager. Un atacante local podría modificar o borrar conexiones de red de usuarios arbitrario mediante métodos no especificados. |
|
Solución |
|
|
Actualización de software Suse Linux Las actualizaciones pueden descargarse mediante YAST o del servidor FTP oficial de Suse Linux. Red Hat (RHSA-2009:0361-1) RHEL Desktop Workstation (v. 5 cliente) Red Hat Enterprise Linux (v. 5 servidor) Red Hat Enterprise Linux Desktop (v. 5 cliente) https://rhn.redhat.com/ Red Hat (RHSA-2009:0362-1) Red Hat Desktop (v. 4) Red Hat Enterprise Linux AS (v. 4) Red Hat Enterprise Linux ES (v. 4) Red Hat Enterprise Linux WS (v. 4) https://rhn.redhat.com/ Debian (DSA-1955-1) Debian Linux 4.0 Source http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.dsc http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1.diff.gz http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4.orig.tar.gz alpha (DEC Alpha) http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_alpha.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_alpha.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_alpha.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_alpha.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_alpha.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_alpha.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_alpha.deb amd64 (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_amd64.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_amd64.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_amd64.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_amd64.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_amd64.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_amd64.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_amd64.deb hppa (HP PA RISC) http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_hppa.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_hppa.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_hppa.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_hppa.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_hppa.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_hppa.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_hppa.deb i386 (Intel ia32) http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_i386.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_i386.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_i386.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_i386.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_i386.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_i386.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_i386.deb ia64 (Intel ia64) http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_ia64.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_ia64.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_ia64.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_ia64.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_ia64.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_ia64.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_ia64.deb mips (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_mips.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_mips.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_mips.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_mips.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_mips.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_mips.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_mips.deb powerpc (PowerPC) http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_powerpc.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_powerpc.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_powerpc.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_powerpc.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_powerpc.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_powerpc.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_powerpc.deb sparc (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/network-manager/libnm-util-dev_0.6.4-6+etch1_sparc.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib-dev_0.6.4-6+etch1_sparc.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-dev_0.6.4-6+etch1_sparc.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager_0.6.4-6+etch1_sparc.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-glib0_0.6.4-6+etch1_sparc.deb http://security.debian.org/pool/updates/main/n/network-manager/network-manager-gnome_0.6.4-6+etch1_sparc.deb http://security.debian.org/pool/updates/main/n/network-manager/libnm-util0_0.6.4-6+etch1_sparc.deb Debian (DSA-1955-1) Debian Linux 5.0 Source http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.dsc http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6-4+lenny1.diff.gz http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-applet_0.6.6.orig.tar.gz alpha (DEC Alpha) http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_alpha.deb amd64 (AMD x86_64 (AMD64)) http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_amd64.deb hppa (HP PA RISC) http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_hppa.deb i386 (Intel ia32) http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_i386.deb ia64 (Intel ia64) http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_ia64.deb mips (MIPS (Big Endian)) http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mips.deb mipsel (MIPS (Little Endian)) http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_mipsel.deb powerpc (PowerPC) http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_powerpc.deb sparc (Sun SPARC/UltraSPARC) http://security.debian.org/pool/updates/main/n/network-manager-applet/network-manager-gnome_0.6.6-4+lenny1_sparc.deb |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE |
CVE-2009-0365 CVE-2009-0578 |
| BID | 33966 |
Recursos adicionales |
|
|
SUSE Security Advisory (SUSE-SA:2009:013) http://www.novell.com/linux/security/advisories/2009_13_dbus.html Red Hat Security Advisory (RHSA-2009:0361-1) https://rhn.redhat.com/errata/RHSA-2009-0361.html Red Hat Security Advisory (RHSA-2009:0362-1) https://rhn.redhat.com/errata/RHSA-2009-0362.html Debian Security Advisory (DSA-1955-1) http://lists.debian.org/debian-security-announce/2009/msg00279.html |
|
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Aviso emitido | 2009-03-26 |
| 1.1 | Aviso emitido por Debian (DSA-1955-1) | 2009-12-29 |