CVE-2009-4145
published 2009-12-23CVE-2009-4145: nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to…
PriorityP46low2.1CVSS 2.0
AVLACLAuNCPINAN
EPSS
0.38%
30.1th percentile
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | network-manager | < network-manager-applet 0.7.2-2 (bookworm) | network-manager-applet 0.7.2-2 (bookworm) |
| debian | network-manager-applet | < network-manager-applet 0.7.2-2 (bookworm) | network-manager-applet 0.7.2-2 (bookworm) |
| gnome | networkmanager | — | — |
CVSS provenance
nvdv2.02.1LOWAV:L/AC:L/Au:N/C:P/I:N/A:N
osv2.1LOW
vendor_ubuntu6.8MEDIUM
vendor_debian2.1LOW
vendor_redhat2.1LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
network-manager-applet vulnerabilities
vendor_ubuntu·2010-01-13·CVSS 6.8
CVE-2009-4144 [MEDIUM] network-manager-applet vulnerabilities
Title: network-manager-applet vulnerabilities
Summary: network-manager-applet vulnerabilities
It was discovered that NetworkManager did not ensure that the Certification
Authority (CA) certificate file remained present when using WPA Enterprise
or 802.1x networks. A remote attacker could use this flaw to spoof the
identity of a wireless network and view sensitive information.
(CVE-2009-4144)
It was discovered that the connection editor GUI would incorrectly export
objects over D-Bus. A local user could read D-Bus signals to view other
users' network connection passwords and pre-shared keys. (CVE-2009-4145)
Instructions: After a standard system upgrade you need to restart your session to effect
the necessary changes.
Red Hat
NetworkManager: information disclosure by nm-connection-editor
vendor_redhat·2009-12-10·CVSS 2.1
CVE-2009-4145 [LOW] NetworkManager: information disclosure by nm-connection-editor
NetworkManager: information disclosure by nm-connection-editor
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
Debian
CVE-2009-4145: network-manager - nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects ove...
vendor_debian·2009·CVSS 2.1
CVE-2009-4145 [LOW] CVE-2009-4145: network-manager - nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects ove...
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-2wgm-5xw3-53m2: nm-connection-editor in NetworkManager (NM) 0
ghsa_unreviewed·2022-05-02
CVE-2009-4145 [LOW] CWE-200 GHSA-2wgm-5xw3-53m2: nm-connection-editor in NetworkManager (NM) 0
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
OSV
CVE-2009-4145: nm-connection-editor in NetworkManager (NM) 0
osv·2009-12-23·CVSS 2.1
CVE-2009-4145 [LOW] CVE-2009-4145: nm-connection-editor in NetworkManager (NM) 0
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
No detection rules found.
No public exploits indexed.
http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.htmlhttp://secunia.com/advisories/37819http://secunia.com/advisories/38420http://www.openwall.com/lists/oss-security/2009/12/16/3http://www.redhat.com/support/errata/RHSA-2010-0108.htmlhttp://www.securityfocus.com/bid/37580https://bugzilla.redhat.com/show_bug.cgi?id=546117https://exchange.xforce.ibmcloud.com/vulnerabilities/54898https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10539http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.htmlhttp://secunia.com/advisories/37819http://secunia.com/advisories/38420http://www.openwall.com/lists/oss-security/2009/12/16/3http://www.redhat.com/support/errata/RHSA-2010-0108.htmlhttp://www.securityfocus.com/bid/37580https://bugzilla.redhat.com/show_bug.cgi?id=546117https://exchange.xforce.ibmcloud.com/vulnerabilities/54898https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10539
2009-12-23
Published