CVE-2009-0365
Published 2009-03-05
Priority P4 · 15 · medium · 4.6 (CVSS 2.0)
AV:L/AC:L/Au:S/C:C/I:N/A:N
EPSS: 0.78% (51.5th percentile)
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | network-manager | < network-manager 0.6.5-1 (bookworm) | network-manager 0.6.5-1 (bookworm) |
| debian | network-manager-applet | < network-manager 0.6.5-1 (bookworm) | network-manager 0.6.5-1 (bookworm) |
| network-manager_project | network-manager | >= 0 < 0.6.5-1 | 0.6.5-1 |
| network-manager_project | network-manager | >= 0 < 0.6.5-1 | 0.6.5-1 |
| network-manager_project | network-manager | >= 0 < 0.6.5-1 | 0.6.5-1 |
| network-manager_project | network-manager | >= 0 < 0.6.5-1 | 0.6.5-1 |
| ubuntu | ubuntu_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
| ubuntu | ubuntu_linux | — | — |
CVSS provenance
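| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.6 | MEDIUM | AV:L/AC:L/Au:S/C:C/I:N/A:N |
| osv | | 4.6 | MEDIUM | |
| vendor_debian | | 4.6 | MEDIUM | |
| vendor_redhat | | 4.6 | MEDIUM | |
| vendor_ubuntu | | 4.6 | MEDIUM | |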
Red Hat
NetworkManager: GetSecrets disclosure
vendor_redhat·2009-03-03·CVSS 4.6
CVE-2009-0365 [MEDIUM] NetworkManager: GetSecrets disclosure
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
Ubuntu
network-manager-applet vulnerabilities
vendor_ubuntu·2009-03-03·CVSS 4.6
CVE-2009-0365 [MEDIUM] network-manager-applet vulnerabilities
Title: network-manager-applet vulnerabilities
Summary: network-manager-applet vulnerabilities
It was discovered that network-manager-applet did not properly enforce permissions when responding to dbus requests. A local user could perform dbus queries to view other users' network connection passwords and pre-shared keys. (CVE-2009-0365)
It was discovered that network-manager-applet did not properly enforce permissions when responding to dbus modify and delete requests. A local user could use dbus to modify or delete other users' network connections. This issue only applied to Ubuntu 8.10. (CVE-2009-0578)
Instructions: In general, a standard system upgrade is sufficient to effect the necessary changes.
Ubuntu
NetworkManager vulnerability
vendor_ubuntu·2009-03-03
CVE-2009-0365 NetworkManager vulnerability
Title: NetworkManager vulnerability
Summary: NetworkManager vulnerability
USN-727-1 fixed vulnerabilities in network-manager-applet. This advisory provides the corresponding updates for NetworkManager.
It was discovered that NetworkManager did not properly enforce permissions when responding to dbus requests. A local user could perform dbus queries to view system and user network connection passwords and pre-shared keys.
Instructions: After a standard system upgrade you need to reboot your computer to effect the necessary changes.
Debian
CVE-2009-0365: network-manager - nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect den...
vendor_debian·2009·CVSS 4.6
CVE-2009-0365 [MEDIUM] CVE-2009-0365: network-manager - nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect den...
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
Scope: local
bookworm: resolved (fixed in 0.6.5-1)
bullseye: resolved (fixed in 0.6.5-1)
forky: resolved (fixed in 0.6.5-1)
sid: resolved (fixed in 0.6.5-1)
trixie: resolved (fixed in 0.6.5-1)
GHSA
GHSA-hprr-xq95-m5m9: nm-applet
ghsa_unreviewed·2022-05-02
CVE-2009-0365 [MEDIUM] GHSA-hprr-xq95-m5m9: nm-applet
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
OSV
CVE-2009-0365: nm-applet
osv·2009-03-05·CVSS 4.6
CVE-2009-0365 [MEDIUM] CVE-2009-0365: nm-applet
nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
No detection rules found.
No public exploits indexed.
References
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://secunia.com/advisories/34067
http://secunia.com/advisories/34177
http://secunia.com/advisories/34473
http://securitytracker.com/id?1021910
http://securitytracker.com/id?1021911
http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&r2=1207&pathrev=1207
http://svn.gnome.org/viewvc/network-manager-applet?view=revision&revision=1207
http://www.debian.org/security/2009/dsa-1955
http://www.redhat.com/support/errata/RHSA-2009-0361.html
http://www.redhat.com/support/errata/RHSA-2009-0362.html
http://www.securityfocus.com/bid/33966
http://www.securitytracker.com/id?1021908
http://www.ubuntu.com/usn/USN-727-1
http://www.ubuntu.com/usn/USN-727-2
https://bugzilla.redhat.com/show_bug.cgi?id=487722
https://bugzilla.redhat.com/show_bug.cgi?id=487752
https://exchange.xforce.ibmcloud.com/vulnerabilities/49062
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10828
2009-03-05
Published