Test ID:	1.3.6.1.4.1.25623.1.0.63639
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:0361
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:0361.;;NetworkManager is a network link manager that attempts to keep a wired or;wireless network connection active at all times.;;An information disclosure flaw was found in NetworkManager's D-Bus;interface. A local attacker could leverage this flaw to discover sensitive;information, such as network connection passwords and pre-shared keys.;(CVE-2009-0365);;A potential denial of service flaw was found in NetworkManager's D-Bus;interface. A local user could leverage this flaw to modify local connection;settings, preventing the system's network connection from functioning;properly. (CVE-2009-0578);;Red Hat would like to thank Ludwig Nussel for reporting these flaws;responsibly.;;Users of NetworkManager should upgrade to these updated packages which;contain backported patches to correct these issues.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0361. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. An information disclosure flaw was found in NetworkManager's D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. (CVE-2009-0365) A potential denial of service flaw was found in NetworkManager's D-Bus interface. A local user could leverage this flaw to modify local connection settings, preventing the system's network connection from functioning properly. (CVE-2009-0578) Red Hat would like to thank Ludwig Nussel for reporting these flaws responsibly. Users of NetworkManager should upgrade to these updated packages which contain backported patches to correct these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 6.2 CVSS Vector: AV:L/AC:L/Au:S/C:N/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0365 BugTraq ID: 33966 http://www.securityfocus.com/bid/33966 Debian Security Information: DSA-1955 (Google Search) http://www.debian.org/security/2009/dsa-1955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10828 http://www.redhat.com/support/errata/RHSA-2009-0361.html http://www.redhat.com/support/errata/RHSA-2009-0362.html http://www.securitytracker.com/id?1021908 http://securitytracker.com/id?1021910 http://securitytracker.com/id?1021911 http://secunia.com/advisories/34067 http://secunia.com/advisories/34177 http://secunia.com/advisories/34473 SuSE Security Announcement: SUSE-SA:2009:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.ubuntu.com/usn/USN-727-1 http://www.ubuntu.com/usn/USN-727-2 XForce ISS Database: networkmanager-dbus-info-disclosure(49062) https://exchange.xforce.ibmcloud.com/vulnerabilities/49062 Common Vulnerability Exposure (CVE) ID: CVE-2009-0578 1021909 http://www.securitytracker.com/id?1021909 33966 34067 34473 RHSA-2009:0361 SUSE-SA:2009:013 SUSE-SR:2009:009 USN-727-1 https://bugzilla.redhat.com/show_bug.cgi?id=487752 networkmanager-dbus-security-bypass(49063) https://exchange.xforce.ibmcloud.com/vulnerabilities/49063 oval:org.mitre.oval:def:8931 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8931
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.