CVE-2011-3364

Name of the Vulnerable Software and Affected Versions NetworkManager versions 0.8.1 through 0.9.1 NetworkManager-glib versions 0.8.1 NetworkManager-glib-devel version 0.8.1 NetworkManager-devel version 0.8.1 NetworkManager-gnome version 0.8.1 NetworkManager-debuginfo version 0.8.1

Description The issue allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file. This can lead to a disruption of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out locally.

Recommendations For NetworkManager versions 0.8.1 through 0.9.1, consider disabling the creation of new network connections via PolicyKit until a patch is available. For NetworkManager-glib versions 0.8.1, NetworkManager-glib-devel version 0.8.1, NetworkManager-devel version 0.8.1, NetworkManager-gnome version 0.8.1, and NetworkManager-debuginfo version 0.8.1, restrict access to the ifcfg file to minimize the risk of exploitation. Avoid using newline characters in the name for new network connections until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.