Test ID:	1.3.6.1.4.1.25623.1.0.63507
Category:	Ubuntu Local Security Checks
Title:	Ubuntu USN-727-2 (network-manager)
Summary:	Ubuntu USN-727-2 (network-manager)
Description:	The remote host is missing an update to network-manager announced via advisory USN-727-2. Details follow: USN-727-1 fixed vulnerabilities in network-manager-applet. This advisory provides the corresponding updates for NetworkManager. It was discovered that NetworkManager did not properly enforce permissions when responding to dbus requests. A local user could perform dbus queries to view system and user network connection passwords and pre-shared keys. Solution: The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: network-manager-gnome 0.6.2-0ubuntu7.1 Ubuntu 8.10: network-manager 0.7~ ~ svn20081018t105859-0ubuntu1.8.10.2 In general, a standard system upgrade is sufficient to effect the necessary changes. http://www.securityspace.com/smysecure/catid.html?in=USN-727-2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0365 Debian Security Information: DSA-1955 (Google Search) http://www.debian.org/security/2009/dsa-1955 http://www.redhat.com/support/errata/RHSA-2009-0362.html http://www.redhat.com/support/errata/RHSA-2009-0361.html SuSE Security Announcement: SUSE-SA:2009:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.ubuntu.com/usn/USN-727-1 http://www.ubuntu.com/usn/USN-727-2 BugTraq ID: 33966 http://www.securityfocus.com/bid/33966 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10828 http://www.securitytracker.com/id?1021908 http://securitytracker.com/id?1021910 http://securitytracker.com/id?1021911 http://secunia.com/advisories/34177 http://secunia.com/advisories/34473 http://secunia.com/advisories/34067 XForce ISS Database: networkmanager-dbus-info-disclosure(49062) http://xforce.iss.net/xforce/xfdb/49062 Common Vulnerability Exposure (CVE) ID: CVE-2009-0619 Cisco Security Advisory: 20090304 Cisco 7600 Series Router Session Border Controller Denial of Service Vulnerability http://www.cisco.com/en/US/products/products_security_advisory09186a0080a80faa.shtml BugTraq ID: 33975 http://www.securityfocus.com/bid/33975 http://www.securitytracker.com/id?1021787 XForce ISS Database: cisco-sbc-dos(49055) http://xforce.iss.net/xforce/xfdb/49055 Common Vulnerability Exposure (CVE) ID: CVE-2009-0537 http://securityreason.com/achievement_securityalert/60 Bugtraq: 20090305 libc:fts_*():multiple vendors, Denial-of-service (Google Search) http://www.securityfocus.com/archive/1/archive/1/501505/100/0/threaded http://www.milw0rm.com/exploits/8163 BugTraq ID: 34008 http://www.securityfocus.com/bid/34008 http://www.securitytracker.com/id?1021818 Common Vulnerability Exposure (CVE) ID: CVE-2009-0775 Debian Security Information: DSA-1751 (Google Search) http://www.debian.org/security/2009/dsa-1751 https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:075 http://www.redhat.com/support/errata/RHSA-2009-0258.html http://www.redhat.com/support/errata/RHSA-2009-0315.html http://www.redhat.com/support/errata/RHSA-2009-0325.html SuSE Security Announcement: SUSE-SA:2009:012 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html BugTraq ID: 33990 http://www.securityfocus.com/bid/33990 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5806 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:5816 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:6207 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7584 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9681 http://www.securitytracker.com/id?1021796 http://secunia.com/advisories/34145 http://secunia.com/advisories/34272 http://secunia.com/advisories/34383 http://secunia.com/advisories/34324 http://secunia.com/advisories/34417 http://secunia.com/advisories/34137 http://secunia.com/advisories/34140 http://www.vupen.com/english/advisories/2009/0632 Common Vulnerability Exposure (CVE) ID: CVE-2007-4850 http://securityreason.com/achievement_securityalert/51 Bugtraq: 20080122 PHP 5.2.5 cURL safe_mode bypass (Google Search) http://www.securityfocus.com/archive/1/archive/1/486856/100/0/threaded Bugtraq: 20080527 rPSA-2008-0178-1 php php-mysql php-pgsql (Google Search) http://www.securityfocus.com/archive/1/archive/1/492671/100/0/threaded http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059849.html http://www.openwall.com/lists/oss-security/2008/05/02/2 http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:022 http://www.mandriva.com/security/advisories?name=MDVSA-2009:023 http://www.ubuntu.com/usn/usn-628-1 BugTraq ID: 27413 http://www.securityfocus.com/bid/27413 BugTraq ID: 29009 http://www.securityfocus.com/bid/29009 BugTraq ID: 31681 http://www.securityfocus.com/bid/31681 http://www.vupen.com/english/advisories/2008/1412 http://www.vupen.com/english/advisories/2008/2268 http://www.vupen.com/english/advisories/2008/2780 http://secunia.com/advisories/30048 http://secunia.com/advisories/30411 http://secunia.com/advisories/31200 http://secunia.com/advisories/31326 http://secunia.com/advisories/32222 http://securityreason.com/securityalert/3562 XForce ISS Database: php-curlinit-security-bypass(39852) http://xforce.iss.net/xforce/xfdb/39852 XForce ISS Database: php-safemode-directive-security-bypass(42134) http://xforce.iss.net/xforce/xfdb/42134 Common Vulnerability Exposure (CVE) ID: CVE-2008-5557 Bugtraq: 20090302 rPSA-2009-0035-1 php php-cgi php-imap php-mcrypt php-mysql php-mysqli php-pgsql php-soap php-xsl php5 php5-cgi php5-imap php5-mcrypt php5-mysql php5-mysqli php5-pear php5-pgsql php5-soap php5-xsl (Google Search) http://www.securityfocus.com/archive/1/archive/1/501376/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2008-12/0477.html http://lists.apple.com/archives/security-announce/2009/May/msg00002.html Debian Security Information: DSA-1789 (Google Search) http://www.debian.org/security/2009/dsa-1789 https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01451.html https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01465.html HPdes Security Advisory: HPSBUX02431 http://marc.info/?l=bugtraq&m=124654546101607&w=2 HPdes Security Advisory: SSRT090085 HPdes Security Advisory: HPSBUX02465 http://marc.info/?l=bugtraq&m=125631037611762&w=2 HPdes Security Advisory: SSRT090192 HPdes Security Advisory: HPSBMA02492 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02029444 HPdes Security Advisory: SSRT100079 http://www.mandriva.com/security/advisories?name=MDVSA-2009:045 http://www.redhat.com/support/errata/RHSA-2009-0350.html SuSE Security Announcement: SUSE-SR:2009:004 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html SuSE Security Announcement: SUSE-SR:2009:008 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html Cert/CC Advisory: TA09-133A http://www.us-cert.gov/cas/techalerts/TA09-133A.html BugTraq ID: 32948 http://www.securityfocus.com/bid/32948 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10286 http://securitytracker.com/id?1021482 http://secunia.com/advisories/34642 http://secunia.com/advisories/35003 http://secunia.com/advisories/35074 http://secunia.com/advisories/35306 http://secunia.com/advisories/35650 http://www.vupen.com/english/advisories/2009/1297 XForce ISS Database: php-multibyte-bo(47525) http://xforce.iss.net/xforce/xfdb/47525 Common Vulnerability Exposure (CVE) ID: CVE-2009-0754 http://www.openwall.com/lists/oss-security/2009/01/30/1 http://www.openwall.com/lists/oss-security/2009/02/03/3 http://www.openwall.com/lists/oss-security/2009/02/25/3 http://www.ubuntulinux.org/support/documentation/usn/usn-761-1 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11035 http://www.securitytracker.com/id?1021979 http://secunia.com/advisories/34830 http://secunia.com/advisories/35007 Common Vulnerability Exposure (CVE) ID: CVE-2009-0544 http://www.openwall.com/lists/oss-security/2009/02/07/1 http://www.openwall.com/lists/oss-security/2009/02/12/5 http://www.gentoo.org/security/en/glsa/glsa-200903-11.xml http://www.mandriva.com/security/advisories?name=MDVSA-2009:049 http://www.mandriva.com/security/advisories?name=MDVSA-2009:050 SuSE Security Announcement: SUSE-SR:2009:010 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html BugTraq ID: 33674 http://www.securityfocus.com/bid/33674 http://secunia.com/advisories/34199 http://secunia.com/advisories/35065 XForce ISS Database: pycrypto-arc2module-bo(48617) http://xforce.iss.net/xforce/xfdb/48617
Copyright	Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: