Red Hat Local Security Checks : RedHat Security Advisory RHSA-2009:0362

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.63638

Category: Red Hat Local Security Checks

Title: RedHat Security Advisory RHSA-2009:0362

Summary: The remote host is missing updates announced in;advisory RHSA-2009:0362.;;NetworkManager is a network link manager that attempts to keep a wired or;wireless network connection active at all times.;;An information disclosure flaw was found in NetworkManager's D-Bus;interface. A local attacker could leverage this flaw to discover sensitive;information, such as network connection passwords and pre-shared keys.;(CVE-2009-0365);;Red Hat would like to thank Ludwig Nussel for responsibly reporting this;flaw.;;NetworkManager users should upgrade to these updated packages, which;contain a backported patch that corrects this issue.

Description: Summary:
The remote host is missing updates announced in
advisory RHSA-2009:0362.

NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.

An information disclosure flaw was found in NetworkManager's D-Bus
interface. A local attacker could leverage this flaw to discover sensitive
information, such as network connection passwords and pre-shared keys.
(CVE-2009-0365)

Red Hat would like to thank Ludwig Nussel for responsibly reporting this
flaw.

NetworkManager users should upgrade to these updated packages, which
contain a backported patch that corrects this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

CVSS Score:
4.6

CVSS Vector:
AV:L/AC:L/Au:S/C:C/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2009-0365
BugTraq ID: 33966
http://www.securityfocus.com/bid/33966
Debian Security Information: DSA-1955 (Google Search)
http://www.debian.org/security/2009/dsa-1955
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10828
http://www.redhat.com/support/errata/RHSA-2009-0361.html
http://www.redhat.com/support/errata/RHSA-2009-0362.html
http://www.securitytracker.com/id?1021908
http://securitytracker.com/id?1021910
http://securitytracker.com/id?1021911
http://secunia.com/advisories/34067
http://secunia.com/advisories/34177
http://secunia.com/advisories/34473
SuSE Security Announcement: SUSE-SA:2009:013 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html
SuSE Security Announcement: SUSE-SR:2009:009 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html
http://www.ubuntu.com/usn/USN-727-1
http://www.ubuntu.com/usn/USN-727-2
XForce ISS Database: networkmanager-dbus-info-disclosure(49062)
https://exchange.xforce.ibmcloud.com/vulnerabilities/49062

Copyright Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.63638
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:0362
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:0362.;;NetworkManager is a network link manager that attempts to keep a wired or;wireless network connection active at all times.;;An information disclosure flaw was found in NetworkManager's D-Bus;interface. A local attacker could leverage this flaw to discover sensitive;information, such as network connection passwords and pre-shared keys.;(CVE-2009-0365);;Red Hat would like to thank Ludwig Nussel for responsibly reporting this;flaw.;;NetworkManager users should upgrade to these updated packages, which;contain a backported patch that corrects this issue.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0362. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. An information disclosure flaw was found in NetworkManager's D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. (CVE-2009-0365) Red Hat would like to thank Ludwig Nussel for responsibly reporting this flaw. NetworkManager users should upgrade to these updated packages, which contain a backported patch that corrects this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:S/C:C/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0365 BugTraq ID: 33966 http://www.securityfocus.com/bid/33966 Debian Security Information: DSA-1955 (Google Search) http://www.debian.org/security/2009/dsa-1955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10828 http://www.redhat.com/support/errata/RHSA-2009-0361.html http://www.redhat.com/support/errata/RHSA-2009-0362.html http://www.securitytracker.com/id?1021908 http://securitytracker.com/id?1021910 http://securitytracker.com/id?1021911 http://secunia.com/advisories/34067 http://secunia.com/advisories/34177 http://secunia.com/advisories/34473 SuSE Security Announcement: SUSE-SA:2009:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.ubuntu.com/usn/USN-727-1 http://www.ubuntu.com/usn/USN-727-2 XForce ISS Database: networkmanager-dbus-info-disclosure(49062) https://exchange.xforce.ibmcloud.com/vulnerabilities/49062
Copyright	Copyright (C) 2009 E-Soft Inc.