PT-2009-1057 · Gnome+2 · Networkmanager-Glib+7

Dan Williams · Published 2009-12-23 · Updated 2017-09-19 · CVE-2009-4145

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

NetworkManager-gnome version 0.7.0
NetworkManager version 0.7.0
NetworkManager-glib-devel version 0.7.0
NetworkManager-glib version 0.7.0
NetworkManager-devel version 0.7.0

Description

The issue concerns multiple vulnerabilities in the NetworkManager package, which can lead to a breach of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited remotely. Specifically, the nm-connection-editor in NetworkManager exports connection objects over D-Bus when actions are performed in the connection editor GUI, allowing local users to obtain sensitive information by reading D-Bus signals. For example, an attacker could use dbus-monitor to discover the password for a WiFi network.

Recommendations

For NetworkManager-gnome version 0.7.0, consider disabling the nm-connection-editor feature until a patch is available.
For NetworkManager version 0.7.0, restrict access to the D-Bus interface to minimize the risk of exploitation.
For NetworkManager-glib-devel version 0.7.0, avoid using the D-Bus signals in the affected API endpoints until the issue is resolved.
For NetworkManager-glib version 0.7.0, consider disabling the nm-connection-editor function until a patch is available.
For NetworkManager-devel version 0.7.0, restrict access to the vulnerable module to minimize the risk of exploitation.

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2015-06441
BDU:2015-06442
BDU:2015-06443
BDU:2015-06444
BDU:2015-06445
BDU:2015-08569
BDU:2015-08570
BDU:2015-08571
BDU:2015-08572
BDU:2015-08573
CVE-2009-4145
RHSA-2010:0108
RHSA-2010_0108

Affected Products

D-Bus
Networkmanager
Networkmanager-Devel
Networkmanager-Glib
Networkmanager-Glib-Devel
Networkmanager-Gnome
Red Hat
Dbus-Monitor