PT-2008-6939 · Bluez+4 · Bluez+9

Ludwig Nussel · Published 1970-01-01 · Updated 2017-09-29 · CVE-2009-0365

CVSS v2.0: 6.2 (Medium)

Vector: AV:L/AC:L/Au:S/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

hal-gnome versions (affected versions not specified)
dbus-1-python-devel versions (affected versions not specified)
NetworkManager-gnome versions prior to 0.7.0.99
hal-64bit versions (affected versions not specified)
PolicyKit versions (affected versions not specified)
bluez-cups versions (affected versions not specified)
bluez versions (affected versions not specified)
hal-debuginfo versions (affected versions not specified)
pommed-debugsource versions (affected versions not specified)
powersave versions (affected versions not specified)
dbus-1-glib-debuginfo-64bit versions (affected versions not specified)
libbluetooth3 versions (affected versions not specified)
pommed-debuginfo versions (affected versions not specified)
dbus-1-qt3-x86 versions (affected versions not specified)
libnm-util-dev versions (affected versions not specified)
PackageKit-lang versions (affected versions not specified)
dbus-1-python-debugsource versions (affected versions not specified)
hal-x86 versions (affected versions not specified)
bluez-debugsource versions (affected versions not specified)
dbus-1-qt3-64bit versions (affected versions not specified)
dbus-1-glib-devel versions (affected versions not specified)
PolicyKit-debuginfo versions (affected versions not specified)
dbus-1-glib-debuginfo versions (affected versions not specified)
dbus-1-glib-32bit versions (affected versions not specified)
bluez-alsa versions (affected versions not specified)
dbus-1-64bit versions (affected versions not specified)
powersave-libs-32bit versions (affected versions not specified)
wmpomme versions (affected versions not specified)
PolicyKit-debugsource versions (affected versions not specified)
libnm-util0 versions (affected versions not specified)
hal-devel versions (affected versions not specified)
libnm-glib-dev versions (affected versions not specified)
dbus-1-java versions (affected versions not specified)
hal-debuginfo-64bit versions (affected versions not specified)
dbus-1-mono versions (affected versions not specified)
hal-debugsource versions (affected versions not specified)
dbus-1-glib-debugsource versions (affected versions not specified)
dbus-1-glib-x86 versions (affected versions not specified)
bluez-test versions (affected versions not specified)
dbus-1-qt3-devel versions (affected versions not specified)
libnm-glib0 versions (affected versions not specified)
pommed versions (affected versions not specified)
dbus-1-glib-64bit versions (affected versions not specified)
powersave-libs-64bit versions (affected versions not specified)
dbus-1-x11-debugsource versions (affected versions not specified)
hal-32bit versions (affected versions not specified)
bluez-devel versions (affected versions not specified)
bluez-debuginfo versions (affected versions not specified)
hal-debuginfo-32bit versions (affected versions not specified)
dbus-1-x11-debuginfo versions (affected versions not specified)
powersave-libs versions (affected versions not specified)
powersave-debugsource versions (affected versions not specified)
dbus-1-qt3 versions (affected versions not specified)
dbus-1-debuginfo-64bit versions (affected versions not specified)
dbus-1-debuginfo-32bit versions (affected versions not specified)
PackageKit versions (affected versions not specified)
PolicyKit-devel versions (affected versions not specified)
dbus-1-qt3-debuginfo versions (affected versions not specified)
hal versions (affected versions not specified)
dbus-1-gtk versions (affected versions not specified)
dbus-1-glib-doc versions (affected versions not specified)
gpomme versions (affected versions not specified)
dbus-1-mono-debuginfo versions (affected versions not specified)
bluez-compat versions (affected versions not specified)
dbus-1-glib versions (affected versions not specified)
PolicyKit-32bit versions (affected versions not specified)
powersave-devel versions (affected versions not specified)
dbus-1-qt3-32bit versions (affected versions not specified)
dbus-1-qt3-debugsource versions (affected versions not specified)

Description

The issue is related to multiple vulnerabilities in various packages of different operating systems, including SUSE Linux Enterprise, openSUSE, Debian GNU/Linux, and Red Hat Enterprise Linux. These vulnerabilities can be exploited locally by an attacker who has passed the authentication procedure, potentially leading to a breach of confidentiality, integrity, and availability of protected information. The vulnerabilities are related to incorrect deny settings, allowing local users to discover network connection passwords and pre-shared keys via calls to the GetSecrets method in the dbus request handler.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2015-02821
BDU:2015-02822
BDU:2015-02823
BDU:2015-02824
BDU:2015-04660
BDU:2015-04661
BDU:2015-04662
BDU:2015-04663
BDU:2015-04664
BDU:2015-04665
BDU:2015-04666
BDU:2015-04667
BDU:2015-04668
BDU:2015-04669
BDU:2015-04670
BDU:2015-04671
BDU:2015-04672
BDU:2015-04673
BDU:2015-04674
BDU:2015-04675
BDU:2015-04676
BDU:2015-04677
BDU:2015-04678
BDU:2015-04679
BDU:2015-04680
BDU:2015-04681
BDU:2015-04682
BDU:2015-04683
BDU:2015-04684
BDU:2015-04685
BDU:2015-04686
BDU:2015-04687
BDU:2015-04688
BDU:2015-04689
BDU:2015-04690
BDU:2015-04691
BDU:2015-04692
BDU:2015-04693
BDU:2015-04694
BDU:2015-04695
BDU:2015-04696
BDU:2015-04697
BDU:2015-04698
BDU:2015-04699
BDU:2015-04700
BDU:2015-04701
BDU:2015-04702
BDU:2015-04703
BDU:2015-04704
BDU:2015-04705
BDU:2015-04706
BDU:2015-04707
BDU:2015-04708
BDU:2015-04709
BDU:2015-04710
BDU:2015-04711
BDU:2015-04712
BDU:2015-04713
BDU:2015-04714
BDU:2015-04715
BDU:2015-04716
BDU:2015-04717
BDU:2015-04718
BDU:2015-04719
BDU:2015-04720
BDU:2015-04721
BDU:2015-04722
BDU:2015-05036
BDU:2015-05037
BDU:2015-05038
BDU:2015-05039
BDU:2015-05040
BDU:2015-05041
BDU:2015-05042
BDU:2015-05043
BDU:2015-05044
BDU:2015-05045
BDU:2015-05046
BDU:2015-05047
BDU:2015-05048
BDU:2015-05049
BDU:2015-05050
BDU:2015-05051
BDU:2015-05052
BDU:2015-05053
BDU:2015-05054
BDU:2015-05055
BDU:2015-05056
BDU:2015-05057
BDU:2015-05058
BDU:2015-05059
BDU:2015-05060
BDU:2015-05061
BDU:2015-05062
BDU:2015-05063
BDU:2015-05064
BDU:2015-05065
BDU:2015-05066
BDU:2015-05067
BDU:2015-05068
BDU:2015-05069
BDU:2015-05070
BDU:2015-05071
BDU:2015-05072
BDU:2015-05073
BDU:2015-05074
BDU:2015-05075
BDU:2015-05076
BDU:2015-05077
BDU:2015-05078
BDU:2015-05079
BDU:2015-05080
BDU:2015-05081
BDU:2015-05082
BDU:2015-05083
BDU:2015-05084
BDU:2015-05085
BDU:2015-05086
BDU:2015-05087
BDU:2015-05088
BDU:2015-05089
BDU:2015-05090
BDU:2015-05091
BDU:2015-05092
BDU:2015-05093
BDU:2015-05094
BDU:2015-05095
BDU:2015-05096
BDU:2015-05097
BDU:2015-05098
BDU:2015-05099
BDU:2015-05100
BDU:2015-05101
BDU:2015-05102
BDU:2015-05103
BDU:2015-05104
BDU:2015-06691
BDU:2015-06692
BDU:2015-08488
BDU:2015-08489
CVE-2009-0365
DSA-1955-1
RHSA-2009:0361
RHSA-2009:0362
RHSA-2009_0361
RHSA-2009_0362

Affected Products

Networkmanager
Packagekit
Policykit
Red Hat
Bluez
Dbus
Hal
Libbluetooth
Libnm
Pommed