ID CVE-2011-3364
Summary Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. Per: http://cwe.mitre.org/data/definitions/184.html 'CWE-184: Incomplete Blacklist'
References
Vulnerable Configurations
  • cpe:2.3:a:gnome:ifcfg-rh_plug-in:*:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:ifcfg-rh_plug-in:*:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:networkmanager:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:networkmanager:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:networkmanager:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:networkmanager:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:gnome:networkmanager:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:gnome:networkmanager:0.9.1:*:*:*:*:*:*:*
CVSS
Base: 6.9 (as of 19-01-2012 - 03:59)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:M/Au:N/C:C/I:C/A:C
redhat via4
advisories
bugzilla
id 737338
title CVE-2011-3364 NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
  • OR
    • AND
      • comment NetworkManager is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338005
      • comment NetworkManager is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930006
    • AND
      • comment NetworkManager-devel is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338011
      • comment NetworkManager-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930014
    • AND
      • comment NetworkManager-glib is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338009
      • comment NetworkManager-glib is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930010
    • AND
      • comment NetworkManager-glib-devel is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338007
      • comment NetworkManager-glib-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930012
    • AND
      • comment NetworkManager-gnome is earlier than 1:0.8.1-9.el6_1.3
        oval oval:com.redhat.rhsa:tst:20111338013
      • comment NetworkManager-gnome is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20110930008
rhsa
id RHSA-2011:1338
released 2011-09-26
severity Moderate
title RHSA-2011:1338: NetworkManager security update (Moderate)
rpms
  • NetworkManager-1:0.8.1-9.el6_1.3
  • NetworkManager-devel-1:0.8.1-9.el6_1.3
  • NetworkManager-glib-1:0.8.1-9.el6_1.3
  • NetworkManager-glib-devel-1:0.8.1-9.el6_1.3
  • NetworkManager-gnome-1:0.8.1-9.el6_1.3
refmap via4
fedora FEDORA-2011-13425
mandriva MDVSA-2011:171
misc
Last major update 19-01-2012 - 03:59
Published 04-11-2011 - 21:55
Back to Top