2.1

CVE-2009-4145

nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnomeNetworkmanager Version0.7.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.38% 0.299
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.1 3.9 2.9
AV:L/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
http://secunia.com/advisories/38420
http://www.openwall.com/lists/oss-security/2009/12/16/3
http://www.redhat.com/support/errata/RHSA-2010-0108.html
http://www.securityfocus.com/bid/37580
http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2
Patch
http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894
Patch
http://secunia.com/advisories/37819
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=546117
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/54898
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10539