Ubuntu Local Security Checks : Ubuntu USN-727-1 (network-manager-applet)

Price/Feature Summary | Order | New Vulnerabilities | Confidentiality | Vulnerability Search

Vulnerability Search		Search 61204 CVE descriptions and 32582 test descriptions, access 10,000+ cross references.
	Tests CVE All

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

New User Registration
Email:

UserID:

Passwd:

Please email me your monthly newsletters, informing the latest services, improvements & surveys.

Please email me a vulnerability test announcement whenever a new test is added.

Privacy

Registered User Login

UserID:

Passwd:

Forgot userid or passwd?

Email/Userid:

Test ID:	1.3.6.1.4.1.25623.1.0.63505
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-727-1 (network-manager-applet)
Summary:	Ubuntu USN-727-1 (network-manager-applet)
Description:	The remote host is missing an update to network-manager-applet announced via advisory USN-727-1. Details follow: It was discovered that network-manager-applet did not properly enforce permissions when responding to dbus requests. A local user could perform dbus queries to view other users' network connection passwords and pre-shared keys. (CVE-2009-0365) It was discovered that network-manager-applet did not properly enforce permissions when responding to dbus modify and delete requests. A local user could use dbus to modify or delete other users' network connections. This issue only applied to Ubuntu 8.10. (CVE-2009-0578) Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 7.10: network-manager-gnome 0.6.5-0ubuntu11~ 7.10.1 Ubuntu 8.04 LTS: network-manager-gnome 0.6.6-0ubuntu3.1 Ubuntu 8.10: network-manager-gnome 0.7~ ~ svn20081020t000444-0ubuntu1.8.10.2 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-727-1
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0365 Debian Security Information: DSA-1955 (Google Search) http://www.debian.org/security/2009/dsa-1955 http://www.redhat.com/support/errata/RHSA-2009-0362.html http://www.redhat.com/support/errata/RHSA-2009-0361.html SuSE Security Announcement: SUSE-SA:2009:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.ubuntu.com/usn/USN-727-1 http://www.ubuntu.com/usn/USN-727-2 BugTraq ID: 33966 http://www.securityfocus.com/bid/33966 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10828 http://www.securitytracker.com/id?1021908 http://securitytracker.com/id?1021910 http://securitytracker.com/id?1021911 http://secunia.com/advisories/34177 http://secunia.com/advisories/34473 http://secunia.com/advisories/34067 XForce ISS Database: networkmanager-dbus-info-disclosure(49062) http://xforce.iss.net/xforce/xfdb/49062 Common Vulnerability Exposure (CVE) ID: CVE-2009-0578 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8931 http://www.securitytracker.com/id?1021909 XForce ISS Database: networkmanager-dbus-security-bypass(49063) http://xforce.iss.net/xforce/xfdb/49063 Common Vulnerability Exposure (CVE) ID: CVE-2009-0037 Bugtraq: 20090312 rPSA-2009-0042-1 curl (Google Search) http://www.securityfocus.com/archive/1/archive/1/501757/100/0/threaded Bugtraq: 20090711 VMSA-2009-0009 ESX Service Console updates for udev, sudo, and curl (Google Search) http://www.securityfocus.com/archive/1/archive/1/504849/100/0/threaded http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://www.withdk.com/2009/03/03/curllibcurl-redirect-arbitrary-file-access/ http://www.withdk.com/archives/Libcurl_arbitrary_file_access.pdf http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html Debian Security Information: DSA-1738 (Google Search) http://www.debian.org/security/2009/dsa-1738 http://security.gentoo.org/glsa/glsa-200903-21.xml http://www.redhat.com/support/errata/RHSA-2009-0341.html http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.476602 SuSE Security Announcement: SUSE-SR:2009:006 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://www.ubuntu.com/usn/USN-726-1 BugTraq ID: 33962 http://www.securityfocus.com/bid/33962 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11054 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6074 http://www.securitytracker.com/id?1021783 http://secunia.com/advisories/34138 http://secunia.com/advisories/34202 http://secunia.com/advisories/34255 http://secunia.com/advisories/34259 http://secunia.com/advisories/34237 http://secunia.com/advisories/34251 http://secunia.com/advisories/34399 http://secunia.com/advisories/35766 http://www.vupen.com/english/advisories/2009/0581 http://www.vupen.com/english/advisories/2009/1865 XForce ISS Database: curl-location-security-bypass(49030) http://xforce.iss.net/xforce/xfdb/49030 Common Vulnerability Exposure (CVE) ID: CVE-2008-5005 Bugtraq: 20081103 Bitsec Security Advisory: UW/Panda IMAP [dt]mail buffer overflow (Google Search) http://www.securityfocus.com/archive/1/archive/1/498002/100/0/threaded http://marc.info/?l=full-disclosure&m=122572590212610&w=4 http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002267.html http://mailman2.u.washington.edu/pipermail/imap-uw/2008-October/002268.html http://www.openwall.com/lists/oss-security/2008/11/03/3 http://www.openwall.com/lists/oss-security/2008/11/03/4 http://www.openwall.com/lists/oss-security/2008/11/03/5 http://www.bitsec.com/en/rad/bsa-081103.c http://www.bitsec.com/en/rad/bsa-081103.txt http://www.washington.edu/alpine/tmailbug.html Debian Security Information: DSA-1685 (Google Search) http://www.debian.org/security/2008/dsa-1685 https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00058.html https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00082.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:146 RedHat Security Advisories: RHSA-2009:0275 http://rhn.redhat.com/errata/RHSA-2009-0275.html BugTraq ID: 32072 http://www.securityfocus.com/bid/32072 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10485 http://www.vupen.com/english/advisories/2008/3042 http://securitytracker.com/id?1021131 http://secunia.com/advisories/32483 http://secunia.com/advisories/32512 http://secunia.com/advisories/33142 http://secunia.com/advisories/33996 http://securityreason.com/securityalert/4570 XForce ISS Database: uwimapd-tmail-bo(46281) http://xforce.iss.net/xforce/xfdb/46281 Common Vulnerability Exposure (CVE) ID: CVE-2009-0619 Cisco Security Advisory: 20090304 Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080a80faa.shtml BugTraq ID: 33975 http://www.securityfocus.com/bid/33975 http://www.securitytracker.com/id?1021787 XForce ISS Database: cisco-sbc-dos(49055) http://xforce.iss.net/xforce/xfdb/49055 Common Vulnerability Exposure (CVE) ID: CVE-2009-0537 http://securityreason.com/achievement_securityalert/60 Bugtraq: 20090305 libc:fts_*():multiple vendors, Denial-of-service (Google Search) http://www.securityfocus.com/archive/1/archive/1/501505/100/0/threaded http://www.milw0rm.com/exploits/8163 BugTraq ID: 34008 http://www.securityfocus.com/bid/34008 http://www.securitytracker.com/id?1021818 Common Vulnerability Exposure (CVE) ID: CVE-2009-0775 Debian Security Information: DSA-1751 (Google Search) http://www.debian.org/security/2009/dsa-1751 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 http://www.redhat.com/support/errata/RHSA-2009-0258.html http://www.redhat.com/support/errata/RHSA-2009-0315.html http://www.redhat.com/support/errata/RHSA-2009-0325.html SuSE Security Announcement: SUSE-SA:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html BugTraq ID: 33990 http://www.securityfocus.com/bid/33990 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5806 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5816 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6207 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7584 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9681 http://www.securitytracker.com/id?1021796 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34383 http://secunia.com/advisories/34324 http://secunia.com/advisories/34417 http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://www.vupen.com/english/advisories/2009/0632 Common Vulnerability Exposure (CVE) ID: CVE-2007-4850 http://securityreason.com/achievement_securityalert/51 Bugtraq: 20080122 PHP 5.2.5 cURL safe_mode bypass (Google Search) http://www.securityfocus.com/archive/1/archive/1/486856/100/0/threaded Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/archive/1/492671/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html http://www.openwall.com/lists/oss-security/2008/05/02/2 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://www.ubuntu.com/usn/usn-628-1 BugTraq ID: 27413 http://www.securityfocus.com/bid/27413 BugTraq ID: 29009 http://www.securityfocus.com/bid/29009 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 http://www.vupen.com/english/advisories/2008/1412 http://www.vupen.com/english/advisories/2008/2268 http://www.vupen.com/english/advisories/2008/2780 http://secunia.com/advisories/30048 http://secunia.com/advisories/30411 http://secunia.com/advisories/31200 http://secunia.com/advisories/31326 http://secunia.com/advisories/32222 http://securityreason.com/securityalert/3562 XForce ISS Database: php-curlinit-security-bypass(39852) http://xforce.iss.net/xforce/xfdb/39852 XForce ISS Database: php-safemode-directive-security-bypass(42134) http://xforce.iss.net/xforce/xfdb/42134 Common Vulnerability Exposure (CVE) ID: CVE-2008-5557 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT090192 HPdes Security Advisory: HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 HPdes Security Advisory: SSRT100079 http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 http://www.redhat.com/support/errata/RHSA-2009-0350.html SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html BugTraq ID: 32948 http://www.securityfocus.com/bid/32948 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10286 http://securitytracker.com/id?1021482 http://secunia.com/advisories/34642 http://secunia.com/advisories/35003 http://secunia.com/advisories/35074 http://secunia.com/advisories/35306 http://secunia.com/advisories/35650 http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: php-multibyte-bo(47525) http://xforce.iss.net/xforce/xfdb/47525 Common Vulnerability Exposure (CVE) ID: CVE-2009-0754 http://www.openwall.com/lists/oss-security/2009/01/30/1 http://www.openwall.com/lists/oss-security/2009/02/03/3 http://www.openwall.com/lists/oss-security/2009/02/25/3 http://www.ubuntulinux.org/support/documentation/usn/usn-761-1 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11035 http://www.securitytracker.com/id?1021979 http://secunia.com/advisories/34830 http://secunia.com/advisories/35007 Common Vulnerability Exposure (CVE) ID: CVE-2009-0544 http://www.openwall.com/lists/oss-security/2009/02/07/1 http://www.openwall.com/lists/oss-security/2009/02/12/5 http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:049 http://www.mandriva.com/security/advisories?name=MDVSA-2009:050 SuSE Security Announcement: SUSE-SR:2009:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html BugTraq ID: 33674 http://www.securityfocus.com/bid/33674 http://secunia.com/advisories/34199 http://secunia.com/advisories/35065 XForce ISS Database: pycrypto-arc2module-bo(48617) http://xforce.iss.net/xforce/xfdb/48617
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com