 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.880609 |
| Category: | CentOS Local Security Checks |
| Title: | CentOS Update for NetworkManager CESA-2010:0616 centos5 i386 |
| Summary: | The remote host is missing an update for the 'NetworkManager'; package(s) announced via the referenced advisory. |
| Description: | Summary: The remote host is missing an update for the 'NetworkManager' package(s) announced via the referenced advisory. Vulnerability Insight: dbus-glib is an add-on library to integrate the standard D-Bus library with the GLib main loop and threading model. NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. It was discovered that dbus-glib did not enforce the 'access' flag on exported GObject properties. If such a property were read/write internally but specified as read-only externally, a malicious, local user could use this flaw to modify that property of an application. Such a change could impact the application's behavior (for example, if an IP address were changed the network may not come up properly after reboot) and possibly lead to a denial of service. (CVE-2010-1172) Due to the way dbus-glib translates an application's XML definitions of service interfaces and properties into C code at application build time, applications built against dbus-glib that use read-only properties needed to be rebuilt to fully fix the flaw. As such, this update provides NetworkManager packages that have been rebuilt against the updated dbus-glib packages. No other applications shipped with Red Hat Enterprise Linux 5 were affected. All dbus-glib and NetworkManager users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. Running instances of NetworkManager must be restarted (service NetworkManager restart) for this update to take effect. Affected Software/OS: NetworkManager on CentOS 5 Solution: Please install the updated packages. CVSS Score: 3.6 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-1172 40908 http://secunia.com/advisories/40908 40925 http://secunia.com/advisories/40925 42347 http://www.securityfocus.com/bid/42347 42397 http://secunia.com/advisories/42397 ADV-2010-2063 http://www.vupen.com/english/advisories/2010/2063 ADV-2010-3097 http://www.vupen.com/english/advisories/2010/3097 RHSA-2010:0616 http://www.redhat.com/support/errata/RHSA-2010-0616.html SUSE-SR:2010:019 http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html SUSE-SR:2010:020 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00001.html SUSE-SR:2010:022 http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00006.html glib-property-security-bypass(61041) https://exchange.xforce.ibmcloud.com/vulnerabilities/61041 http://cgit.freedesktop.org/dbus/dbus-glib/commit/?h=rhel5&id=9a6bce9b615abca6068348c1606ba8eaf13d9ae0 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://support.avaya.com/css/P8/documents/100113103 https://bugzilla.redhat.com/show_bug.cgi?id=585394 |
| Copyright | Copyright (C) 2011 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |