CVE-2009-0365

CWE-2649 documents8 sources

Severity

4.6MEDIUM

EPSS

0.1%

top 69.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ubuntu Ubuntu Linux

Timeline

PublishedMar 5

Latest updateMay 2

Description

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

CVSS vector

AV:L/AC:L/C:C/I:N/A:NExploitability: 3.1 | Impact: 6.9

Affected Packages2 packages

▶Debiannetwork-manager-applet< 0.7.0.99-1+3

▶Debiannetwork-manager< 0.6.5-1+3

Also affects: Ubuntu Linux 6.06, 7.10, 8.04, 8.10

Patches

Patch: www.securityfocus.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-hprr-xq95-m5m9: nm-applet↗2022-05-02

▶

CVEList

CVE-2009-0365: nm-applet↗2009-03-05

▶

OSV

CVE-2009-0365: nm-applet↗2009-03-05

▶

📋Vendor Advisories

Red Hat

NetworkManager: GetSecrets disclosure↗2009-03-03

▶

Ubuntu

network-manager-applet vulnerabilities↗2009-03-03

▶

Ubuntu

NetworkManager vulnerability↗2009-03-03

▶

Debian

CVE-2009-0365: network-manager - nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect den...↗2009

▶

💬Community

Bugzilla

CVE-2009-0365 NetworkManager: GetSecrets disclosure↗2009-02-27

▶