ID CVE-2011-3364
Summary Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:networkmanager:0.9.1
    cpe:2.3:a:gnome:networkmanager:0.9.1
  • GNOME Network Manager 0.9.0
    cpe:2.3:a:gnome:networkmanager:0.9.0
  • GNOME Network Manager 0.8.1
    cpe:2.3:a:gnome:networkmanager:0.8.1
  • cpe:2.3:a:gnome:ifcfg-rh_plug-in
    cpe:2.3:a:gnome:ifcfg-rh_plug-in
CVSS
Base: 6.9 (as of 07-11-2011 - 14:38)
Impact:
Exploitability:
Access
  • Vector LOCAL
  • Complexity MEDIUM
  • Authentication NONE
Impact
  • Confidentiality COMPLETE
  • Integrity COMPLETE
  • Availability COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-13425.NASL
    description This update fixes security issue in ifcfg-rh plugin (CVE-2011-3364). This update also fixes an applet and connection editor crash caused by mis-packaging of some UI-related files, and corrects the path of iscsiadm. This update further adds the ability to delete connections from nmcli, correctly handles IPv6 link-local DNS servers when using the dnsmasq local caching nameserver plugin, and fixes connection timestamps for VPN connections. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 56370
    published 2011-10-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56370
    title Fedora 16 : NetworkManager-0.9.1.90-3.git20110927.fc16 (2011-13425)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1338.NASL
    description From Red Hat Security Advisory 2011:1338 : Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* files. An input sanitization flaw was found in the way the ifcfg-rh NetworkManager plug-in escaped network connection names containing special characters. If PolicyKit was configured to allow local, unprivileged users to create and save new network connections, they could create a connection with a specially crafted name, leading to the escalation of their privileges. Note: By default, PolicyKit prevents unprivileged users from creating and saving network connections. (CVE-2011-3364) Red Hat would like to thank Matt McCutchen for reporting this issue. Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted ('service NetworkManager restart') for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68358
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68358
    title Oracle Linux 6 : NetworkManager (ELSA-2011-1338)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-171.NASL
    description Security issues were identified and fixed in networkmanager : GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors (CVE-2011-2176). Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file (CVE-2011-3364). Instead of patching networkmanager, the latest 0.8.6.0 stable version is being provided due to the large amount of bugs fixed upstream. Also the networkmanager-applet, networkmanager-openconnect, networkmanager-openvpn, networkmanager-pptp, networkmanager-vpnc is being provided with their latest 0.8.6.0 stable versions. The provided packages solves these security vulnerabilities.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 61935
    published 2012-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61935
    title Mandriva Linux Security Advisory : networkmanager (MDVSA-2011:171)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1338.NASL
    description Updated NetworkManager packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Red Hat Enterprise Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* files. An input sanitization flaw was found in the way the ifcfg-rh NetworkManager plug-in escaped network connection names containing special characters. If PolicyKit was configured to allow local, unprivileged users to create and save new network connections, they could create a connection with a specially crafted name, leading to the escalation of their privileges. Note: By default, PolicyKit prevents unprivileged users from creating and saving network connections. (CVE-2011-3364) Red Hat would like to thank Matt McCutchen for reporting this issue. Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted ('service NetworkManager restart') for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 56304
    published 2011-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56304
    title RHEL 6 : NetworkManager (RHSA-2011:1338)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-13401.NASL
    description This update fixes security issue in ifcfg-rh plugin (CVE-2011-3364). In addition, it updates to 0.8.6-rc1. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 56419
    published 2011-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56419
    title Fedora 14 : NetworkManager-0.8.5.92-1.git20110927.fc14 (2011-13401)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-13388.NASL
    description This update fixes security issue in ifcfg-rh plugin (CVE-2011-3364). In addition, it updates to 0.9.1.90 featuring : - ability to delete connections from nmcli - correctly handles IPv6 link-local DNS servers when using the dnsmasq local caching nameserver plugin - fixes connection timestamps for VPN connections - fixes the path of iscsiadm Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 56341
    published 2011-09-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56341
    title Fedora 15 : NetworkManager-0.9.1.90-1.git20110927.fc15 (2011-13388)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20110926_NETWORKMANAGER_ON_SL6_X.NASL
    description NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. The ifcfg-rh NetworkManager plug-in is used in Scientific Linux distributions to read and write configuration information from the /etc/sysconfig/network-scripts/ifcfg-* files. An input sanitization flaw was found in the way the ifcfg-rh NetworkManager plug-in escaped network connection names containing special characters. If PolicyKit was configured to allow local, unprivileged users to create and save new network connections, they could create a connection with a specially crafted name, leading to the escalation of their privileges. Note: By default, PolicyKit prevents unprivileged users from creating and saving network connections. (CVE-2011-3364) Users of NetworkManager should upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted ('service NetworkManager restart') for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61142
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61142
    title Scientific Linux Security Update : NetworkManager on SL6.x i386/x86_64
redhat via4
advisories
bugzilla
id 737338
title CVE-2011-3364 NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment NetworkManager is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338005
      • comment NetworkManager is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930006
    • AND
      • comment NetworkManager-devel is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338011
      • comment NetworkManager-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930014
    • AND
      • comment NetworkManager-glib is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338009
      • comment NetworkManager-glib is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930010
    • AND
      • comment NetworkManager-glib-devel is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338007
      • comment NetworkManager-glib-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930012
    • AND
      • comment NetworkManager-gnome is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338013
      • comment NetworkManager-gnome is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930008
rhsa
id RHSA-2011:1338
released 2011-09-26
severity Moderate
title RHSA-2011:1338: NetworkManager security update (Moderate)
rpms
  • NetworkManager-1:0.8.1-9.el6_1.3
  • NetworkManager-devel-1:0.8.1-9.el6_1.3
  • NetworkManager-glib-1:0.8.1-9.el6_1.3
  • NetworkManager-glib-devel-1:0.8.1-9.el6_1.3
  • NetworkManager-gnome-1:0.8.1-9.el6_1.3
refmap via4
fedora FEDORA-2011-13425
mandriva MDVSA-2011:171
misc
Last major update 18-01-2012 - 22:59
Published 04-11-2011 - 17:55