PolicyKit Enforcement Flaw in GNOME NetworkManager by Red Hat
CVE-2011-2176

Currently unrated

Key Information:

Vendor: Gnome
Status: Networkmanager
Vendor: CVE Published:; 2 September 2011

Summary

The GNOME NetworkManager prior to version 0.8.6 is susceptible to a PolicyKit enforcement flaw, which allows local users to circumvent restrictions on wireless network sharing. This vulnerability arises from insufficient validation of the auth_admin element, permitting unauthorized elevation of user privileges under certain unspecified conditions, potentially leading to unauthorized access to sensitive network configurations and user data.

References

http://cgit.freedesktop.org/NetworkManager/NetworkManager...

x_refsource_CONFIRM

http://securitytracker.com/id?1025711

vdb-entryx_refsource_SECTRACK

http://lists.fedoraproject.org/pipermail/package-announce...

vendor-advisoryx_refsource_FEDORA

Timeline

Vulnerability published
Sep 2, 2011
Vulnerability Reserved
May 31, 2011