As in NVD: GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
CVE-2011-2176 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2176): GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3364 Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
(In reply to comment #1) > CVE-2011-2176 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2176): > GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin > element in PolicyKit, which allows local users to bypass intended wireless > network sharing restrictions via unspecified vectors. 0.8.4.0-r2 is still in portage and I don't see a mention of this CVE or bug report in the ebuild. This version is obsolete. (In reply to comment #2) > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3364 > > Incomplete blacklist vulnerability in the svEscape function in > settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME > NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when > PolicyKit is configured to allow users to create new connections, allows > local users to execute arbitrary commands via a newline character in the > name for a new network connection, which is not properly handled when > writing to the ifcfg file. Fixed in 0.8.6 and 0.9.2 (according to NetworkManager git). Only obsolete 0.8.4.0-r2 is affected. What is the proper procedure here? Can 0.8.4.0-r2 be simply removed and this bug report closed?
(In reply to comment #3) > > Fixed in 0.8.6 and 0.9.2 (according to NetworkManager git). Only > obsolete 0.8.4.0-r2 is affected. > > What is the proper procedure here? Can 0.8.4.0-r2 be simply removed and this > bug > report closed? Thanks for the info, Pavel. Stabilization completed in bug 430370. Maintainers, please drop the affected version. GLSA vote: no.
GLSA Vote: No too, closing noglsa.