ID CVE-2016-0764
Summary Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.
References
Vulnerable Configurations
  • cpe:2.3:a:redhat:network_manager:1.0.8
    cpe:2.3:a:redhat:network_manager:1.0.8
  • RedHat Enterprise Linux HPC Node 7.0
    cpe:2.3:o:redhat:enterprise_linux_hpc_node:7.0
  • RedHat Enterprise Linux Desktop 7.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:7.0
  • RedHat Enterprise Linux Server 7.0
    cpe:2.3:o:redhat:enterprise_linux_server:7.0
  • RedHat Enterprise Linux Workstation 7.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:7.0
CVSS
Base: 2.1
Impact:
Exploitability:
CWE CWE-362
CAPEC
  • Leveraging Race Conditions
    This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
  • Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
    This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2581.NASL
    description From Red Hat Security Advisory 2016:2581 : An update for NetworkManager is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. The following packages have been upgraded to a newer upstream version: NetworkManager (1.4.0), NetworkManager-libreswan (1.2.4), network-manager-applet (1.4.0), libnl3 (3.2.28). (BZ#1264552, BZ#1296058, BZ#1032717, BZ#1271581) Security Fix(es) : * A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. (CVE-2016-0764) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2018-09-01
    modified 2018-07-24
    plugin id 94703
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94703
    title Oracle Linux 7 : NetworkManager (ELSA-2016-2581)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161103_NETWORKMANAGER_ON_SL7_X.NASL
    description The following packages have been upgraded to a newer upstream version: NetworkManager (1.4.0), NetworkManager-libreswan (1.2.4), network-manager- applet (1.4.0), libnl3 (3.2.28). Security Fix(es) : - A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. (CVE-2016-0764) Additional Changes :
    last seen 2018-09-02
    modified 2018-01-26
    plugin id 95833
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95833
    title Scientific Linux Security Update : NetworkManager on SL7.x x86_64
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2016-1067.NASL
    description According to the version of the libnl3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A race condition vulnerability was discovered in NetworkManager.Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. (CVE-2016-0764) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2018-11-15
    modified 2018-11-14
    plugin id 99829
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99829
    title EulerOS 2.0 SP1 : libnl3 (EulerOS-SA-2016-1067)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2581.NASL
    description An update for NetworkManager is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. The following packages have been upgraded to a newer upstream version: NetworkManager (1.4.0), NetworkManager-libreswan (1.2.4), network-manager-applet (1.4.0), libnl3 (3.2.28). (BZ#1264552, BZ#1296058, BZ# 1032717, BZ#1271581) Security Fix(es) : * A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. (CVE-2016-0764) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2018-11-11
    modified 2018-11-10
    plugin id 95328
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95328
    title CentOS 7 : NetworkManager / NetworkManager-libreswan / libnl3 / network-manager-applet (CESA-2016:2581)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2581.NASL
    description An update for NetworkManager is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services. The following packages have been upgraded to a newer upstream version: NetworkManager (1.4.0), NetworkManager-libreswan (1.2.4), network-manager-applet (1.4.0), libnl3 (3.2.28). (BZ#1264552, BZ#1296058, BZ# 1032717, BZ#1271581) Security Fix(es) : * A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys. (CVE-2016-0764) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 94544
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94544
    title RHEL 7 : NetworkManager (RHSA-2016:2581)
redhat via4
advisories
bugzilla
id 1378809
title installation of 1.4.0 NM is possible onto 7.2 but it's not working w/o newer glib2
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 7 Client is installed
      oval oval:com.redhat.rhsa:tst:20140675001
    • comment Red Hat Enterprise Linux 7 Server is installed
      oval oval:com.redhat.rhsa:tst:20140675002
    • comment Red Hat Enterprise Linux 7 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20140675003
    • comment Red Hat Enterprise Linux 7 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20140675004
  • OR
    • AND
      • comment NetworkManager-libreswan is earlier than 0:1.2.4-1.el7
        oval oval:com.redhat.rhsa:tst:20162581005
      • comment NetworkManager-libreswan is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315026
    • AND
      • comment NetworkManager-libreswan-gnome is earlier than 0:1.2.4-1.el7
        oval oval:com.redhat.rhsa:tst:20162581007
      • comment NetworkManager-libreswan-gnome is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315024
    • AND
      • comment libnl3 is earlier than 0:3.2.28-2.el7
        oval oval:com.redhat.rhsa:tst:20162581011
      • comment libnl3 is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581012
    • AND
      • comment libnl3-cli is earlier than 0:3.2.28-2.el7
        oval oval:com.redhat.rhsa:tst:20162581013
      • comment libnl3-cli is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581014
    • AND
      • comment libnl3-devel is earlier than 0:3.2.28-2.el7
        oval oval:com.redhat.rhsa:tst:20162581015
      • comment libnl3-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581016
    • AND
      • comment libnl3-doc is earlier than 0:3.2.28-2.el7
        oval oval:com.redhat.rhsa:tst:20162581009
      • comment libnl3-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581010
    • AND
      • comment libnm-gtk is earlier than 0:1.4.0-2.el7
        oval oval:com.redhat.rhsa:tst:20162581023
      • comment libnm-gtk is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315020
    • AND
      • comment libnm-gtk-devel is earlier than 0:1.4.0-2.el7
        oval oval:com.redhat.rhsa:tst:20162581019
      • comment libnm-gtk-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315018
    • AND
      • comment libnma is earlier than 0:1.4.0-2.el7
        oval oval:com.redhat.rhsa:tst:20162581017
      • comment libnma is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581018
    • AND
      • comment libnma-devel is earlier than 0:1.4.0-2.el7
        oval oval:com.redhat.rhsa:tst:20162581027
      • comment libnma-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581028
    • AND
      • comment network-manager-applet is earlier than 0:1.4.0-2.el7
        oval oval:com.redhat.rhsa:tst:20162581021
      • comment network-manager-applet is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315022
    • AND
      • comment nm-connection-editor is earlier than 0:1.4.0-2.el7
        oval oval:com.redhat.rhsa:tst:20162581025
      • comment nm-connection-editor is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315016
    • AND
      • comment NetworkManager is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581041
      • comment NetworkManager is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930006
    • AND
      • comment NetworkManager-adsl is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581047
      • comment NetworkManager-adsl is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315030
    • AND
      • comment NetworkManager-bluetooth is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581035
      • comment NetworkManager-bluetooth is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315052
    • AND
      • comment NetworkManager-config-server is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581049
      • comment NetworkManager-config-server is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315048
    • AND
      • comment NetworkManager-dispatcher-routing-rules is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581053
      • comment NetworkManager-dispatcher-routing-rules is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20162581054
    • AND
      • comment NetworkManager-glib is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581033
      • comment NetworkManager-glib is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930010
    • AND
      • comment NetworkManager-glib-devel is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581037
      • comment NetworkManager-glib-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930012
    • AND
      • comment NetworkManager-libnm is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581031
      • comment NetworkManager-libnm is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315040
    • AND
      • comment NetworkManager-libnm-devel is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581029
      • comment NetworkManager-libnm-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315028
    • AND
      • comment NetworkManager-team is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581039
      • comment NetworkManager-team is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315046
    • AND
      • comment NetworkManager-tui is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581051
      • comment NetworkManager-tui is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315044
    • AND
      • comment NetworkManager-wifi is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581045
      • comment NetworkManager-wifi is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315042
    • AND
      • comment NetworkManager-wwan is earlier than 1:1.4.0-12.el7
        oval oval:com.redhat.rhsa:tst:20162581043
      • comment NetworkManager-wwan is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20152315034
rhsa
id RHSA-2016:2581
released 2016-11-03
severity Low
title RHSA-2016:2581: NetworkManager security, bug fix, and enhancement update (Low)
rpms
  • NetworkManager-libreswan-0:1.2.4-1.el7
  • NetworkManager-libreswan-gnome-0:1.2.4-1.el7
  • libnl3-0:3.2.28-2.el7
  • libnl3-cli-0:3.2.28-2.el7
  • libnl3-devel-0:3.2.28-2.el7
  • libnl3-doc-0:3.2.28-2.el7
  • libnm-gtk-0:1.4.0-2.el7
  • libnm-gtk-devel-0:1.4.0-2.el7
  • libnma-0:1.4.0-2.el7
  • libnma-devel-0:1.4.0-2.el7
  • network-manager-applet-0:1.4.0-2.el7
  • nm-connection-editor-0:1.4.0-2.el7
  • NetworkManager-1:1.4.0-12.el7
  • NetworkManager-adsl-1:1.4.0-12.el7
  • NetworkManager-bluetooth-1:1.4.0-12.el7
  • NetworkManager-config-server-1:1.4.0-12.el7
  • NetworkManager-dispatcher-routing-rules-1:1.4.0-12.el7
  • NetworkManager-glib-1:1.4.0-12.el7
  • NetworkManager-glib-devel-1:1.4.0-12.el7
  • NetworkManager-libnm-1:1.4.0-12.el7
  • NetworkManager-libnm-devel-1:1.4.0-12.el7
  • NetworkManager-team-1:1.4.0-12.el7
  • NetworkManager-tui-1:1.4.0-12.el7
  • NetworkManager-wifi-1:1.4.0-12.el7
  • NetworkManager-wwan-1:1.4.0-12.el7
refmap via4
confirm https://bugzilla.redhat.com/show_bug.cgi?id=1324025
Last major update 17-07-2017 - 09:18
Published 17-07-2017 - 09:18
Last modified 21-07-2017 - 13:58
Back to Top