Ubuntu Security Notice USN-727-1
3rd March, 2009
network-manager-applet vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 8.10
- Ubuntu 8.04 LTS
- Ubuntu 7.10
Software description
- network-manager-applet
Details
It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus requests. A local user could perform dbus
queries to view other users' network connection passwords and pre-shared keys.
(CVE-2009-0365)
It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus modify and delete requests. A local user
could use dbus to modify or delete other users' network connections. This issue
only applied to Ubuntu 8.10. (CVE-2009-0578)
Update instructions
The problem can be corrected by updating your system to the following package version:
- Ubuntu 8.10:
- network-manager-gnome 0.7~~svn20081020t000444-0ubuntu1.8.10.2
- Ubuntu 8.04 LTS:
- network-manager-gnome 0.6.6-0ubuntu3.1
- Ubuntu 7.10:
- network-manager-gnome 0.6.5-0ubuntu11~7.10.1
To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system upgrade is sufficient to effect the
necessary changes.