Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 382045 (CVE-2011-2176) - <net-misc/networkmanager-0.9.4.0-r6: Multiple vulnerabilities (CVE-2011-{2176,3364})
Summary: <net-misc/networkmanager-0.9.4.0-r6: Multiple vulnerabilities (CVE-2011-{2176...
Status: RESOLVED FIXED
Alias: CVE-2011-2176
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL: http://web.nvd.nist.gov/view/vuln/det...
Whiteboard: A4 [noglsa]
Keywords:
Depends on: 430370
Blocks:
  Show dependency tree
 
Reported: 2011-09-06 13:28 UTC by daavelino
Modified: 2012-12-10 18:56 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description daavelino 2011-09-06 13:28:10 UTC 
As in NVD: GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:35:23 UTC 
CVE-2011-2176 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2176):
  GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin
  element in PolicyKit, which allows local users to bypass intended wireless
  network sharing restrictions via unspecified vectors.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-11-17 04:44:12 UTC 
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3364

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
Comment 3 Pavel Šimerda 2012-11-23 09:58:00 UTC 
(In reply to comment #1)
> CVE-2011-2176 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2176):
>   GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin
>   element in PolicyKit, which allows local users to bypass intended wireless
>   network sharing restrictions via unspecified vectors.

0.8.4.0-r2 is still in portage and I don't see a mention of this CVE or bug report
in the ebuild. This version is obsolete.

(In reply to comment #2)
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3364
> 
> Incomplete blacklist vulnerability in the svEscape function in
> settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME
> NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when
> PolicyKit is configured to allow users to create new connections, allows
> local users to execute arbitrary commands via a newline character in the
> name for a new network connection, which is not properly handled when
> writing to the ifcfg file.

Fixed in 0.8.6 and 0.9.2 (according to NetworkManager git). Only 
obsolete 0.8.4.0-r2 is affected.

What is the proper procedure here? Can 0.8.4.0-r2 be simply removed and this bug
report closed?
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-26 12:05:32 UTC 
(In reply to comment #3)
> 
> Fixed in 0.8.6 and 0.9.2 (according to NetworkManager git). Only 
> obsolete 0.8.4.0-r2 is affected.
> 
> What is the proper procedure here? Can 0.8.4.0-r2 be simply removed and this
> bug
> report closed?

Thanks for the info, Pavel. 

Stabilization completed in bug 430370. 

Maintainers, please drop the affected version.

GLSA vote: no.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-12-10 18:56:23 UTC 
GLSA Vote: No too, closing noglsa.