
Bug 382045 (CVE-2011-2176)

Summary: <net-misc/networkmanager-0.9.4.0-r6: Multiple vulnerabilities (CVE-2011-{2176,3364})
Product: Gentoo Security
Reporter: daavelino
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: dagger, nirbheek, qiaomuf, steev
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2176
Whiteboard: A4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 430370    
Bug Blocks:    

Description daavelino 2011-09-06 13:28:10 UTC
As in NVD: GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2011-10-07 22:35:23 UTC
CVE-2011-2176 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2176):
  GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin
  element in PolicyKit, which allows local users to bypass intended wireless
  network sharing restrictions via unspecified vectors.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2011-11-17 04:44:12 UTC
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3364

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
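
The incomplete-blacklist failure mode described in the comment above, as an added example that is not part of the original bug report and is not NetworkManager's shvar.c. The character lists, function names and the sample connection name are assumptions constructed for illustration; the strict variant is one possible hardening, not the upstream fix.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sketch of escaping a value for a KEY=value file that a shell
 * later sources. Both character lists are assumed, not taken from shvar.c. */
static const char escapees[] = "\"\\$`";             /* backslash these */
static const char triggers[] = "\"\\$` \t|&;()<>'~"; /* these force quoting */

/* Deny-list escaper: only listed characters are treated as dangerous. */
char *escape_denylist(const char *s)
{
    size_t n = strlen(s);
    int quote = strcspn(s, triggers) < n;
    char *out = malloc(2 * n + 3), *p = out;
    if (!out) return NULL;
    if (quote) *p++ = '"';
    for (; *s; s++) {
        if (strchr(escapees, *s)) *p++ = '\\';
        *p++ = *s;               /* '\n' is on no list: copied verbatim */
    }
    if (quote) *p++ = '"';
    *p = '\0';
    return out;
}

/* Hardened variant: refuse every control character before escaping, so a
 * value can never occupy more than one line of the file. */
char *escape_strict(const char *s)
{
    for (const char *c = s; *c; c++)
        if (iscntrl((unsigned char)*c)) return NULL;
    return escape_denylist(s);
}

/* Lines that "KEY=<value>" occupies on disk; a safe writer always gives 1. */
int record_lines(const char *value)
{
    int lines = 1;
    for (; *value; value++) lines += (*value == '\n');
    return lines;
}

int main(void)
{
    const char *name = "office\nSECOND_LINE";   /* constructed sample name */
    char *weak = escape_denylist(name);
    printf("deny-list: %d line(s), strict: %s\n", weak ? record_lines(weak) : -1,
           escape_strict(name) ? "accepted" : "rejected");
    free(weak);
    return 0;
}
```

The check that matters when reviewing such a writer is the invariant in `record_lines`: every record must serialize to exactly one line, whatever the user-supplied name contains.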
Comment 3 Pavel Šimerda 2012-11-23 09:58:00 UTC
(In reply to comment #1)
> CVE-2011-2176 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2176):
>   GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin
>   element in PolicyKit, which allows local users to bypass intended wireless
>   network sharing restrictions via unspecified vectors.

0.8.4.0-r2 is still in portage and I don't see a mention of this CVE or bug report
in the ebuild. This version is obsolete.

(In reply to comment #2)
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3364
> 
> Incomplete blacklist vulnerability in the svEscape function in
> settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME
> NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when
> PolicyKit is configured to allow users to create new connections, allows
> local users to execute arbitrary commands via a newline character in the
> name for a new network connection, which is not properly handled when
> writing to the ifcfg file.

Fixed in 0.8.6 and 0.9.2 (according to NetworkManager git). Only 
obsolete 0.8.4.0-r2 is affected.

What is the proper procedure here? Can 0.8.4.0-r2 be simply removed and this bug
report closed?
Comment 4 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-26 12:05:32 UTC
(In reply to comment #3)
> 
> Fixed in 0.8.6 and 0.9.2 (according to NetworkManager git). Only 
> obsolete 0.8.4.0-r2 is affected.
> 
> What is the proper procedure here? Can 0.8.4.0-r2 be simply removed and this
> bug report closed?

Thanks for the info, Pavel. 

Stabilization completed in bug 430370. 

Maintainers, please drop the affected version.

GLSA vote: no.
Comment 5 Tim Sammut (RETIRED) gentoo-dev 2012-12-10 18:56:23 UTC
GLSA Vote: No too, closing noglsa.