Local User Information Disclosure in GNOME NetworkManager
CVE-2009-0365

Currently unrated

Key Information:

Vendor: Ubuntu
Status: Ubuntu Linux
Vendor: CVE Published:; 5 March 2009

What is CVE-2009-0365?

An improper configuration in the nm-applet.conf file of GNOME NetworkManager prior to version 0.7.0.99 enables local users to exploit the GetSecrets method in the D-Bus request handler, leading to potential exposure of sensitive information such as network connection passwords and pre-shared keys. This raises significant security concerns, particularly in multi-user environments.

References

http://securitytracker.com/id?1021910

vdb-entryx_refsource_SECTRACK

http://www.ubuntu.com/usn/USN-727-1

vendor-advisoryx_refsource_UBUNTU

http://www.ubuntu.com/usn/USN-727-2

vendor-advisoryx_refsource_UBUNTU

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 5, 2009
Vulnerability Reserved
Jan 29, 2009

Ubuntu

What is CVE-2009-0365?

References

Timeline