USN-727-1: network-manager-applet vulnerabilities

Ubuntu Security Notice USN-727-1

3rd March, 2009

network-manager-applet vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 8.10
  • Ubuntu 8.04 LTS
  • Ubuntu 7.10

Software description

  • network-manager-applet

Details

It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus requests. A local user could perform dbus
queries to view other users' network connection passwords and pre-shared keys.
(CVE-2009-0365)

It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus modify and delete requests. A local user
could use dbus to modify or delete other users' network connections. This issue
only applied to Ubuntu 8.10. (CVE-2009-0578)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 8.10:
network-manager-gnome 0.7~~svn20081020t000444-0ubuntu1.8.10.2
Ubuntu 8.04 LTS:
network-manager-gnome 0.6.6-0ubuntu3.1
Ubuntu 7.10:
network-manager-gnome 0.6.5-0ubuntu11~7.10.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system upgrade is sufficient to effect the
necessary changes.

References

CVE-2009-0365, CVE-2009-0578