Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:171 (networkmanager)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72068

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:171 (networkmanager)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to networkmanager
announced via advisory MDVSA-2011:171.

Security issues were identified and fixed in networkmanager:

GNOME NetworkManager before 0.8.6 does not properly enforce the
auth_admin element in PolicyKit, which allows local users to bypass
intended wireless network sharing restrictions via unspecified vectors
(CVE-2011-2176).

Incomplete blacklist vulnerability in the svEscape function in
settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME
NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when
PolicyKit is configured to allow users to create new connections,
allows local users to execute arbitrary commands via a newline
character in the name for a new network connection, which is not
properly handled when writing to the ifcfg file (CVE-2011-3364).

Instead of patching networkmanager, the latest 0.8.6.0 stable
version is being provided due to the large amount of bugs fixed
upstream. Also the networkmanager-applet, networkmanager-openconnect,
networkmanager-openvpn, networkmanager-pptp, networkmanager-vpnc is
being provided with their latest 0.8.6.0 stable versions.

The provided packages solves these security vulnerabilities.

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:171
http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2176
1025711
http://securitytracker.com/id?1025711
44858
http://secunia.com/advisories/44858
FEDORA-2011-8612
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063665.html
MDVSA-2011:171
http://www.mandriva.com/security/advisories?name=MDVSA-2011:171
RHSA-2011:0930
http://www.redhat.com/support/errata/RHSA-2011-0930.html
http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8
https://bugzilla.redhat.com/show_bug.cgi?id=709662
Common Vulnerability Exposure (CVE) ID: CVE-2011-3364
FEDORA-2011-13425
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html
RHSA-2011:1338
http://www.redhat.com/support/errata/RHSA-2011-1338.html
http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation/
https://bugzilla.redhat.com/show_bug.cgi?id=737338

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72068
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:171 (networkmanager)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to networkmanager announced via advisory MDVSA-2011:171. Security issues were identified and fixed in networkmanager: GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors (CVE-2011-2176). Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file (CVE-2011-3364). Instead of patching networkmanager, the latest 0.8.6.0 stable version is being provided due to the large amount of bugs fixed upstream. Also the networkmanager-applet, networkmanager-openconnect, networkmanager-openvpn, networkmanager-pptp, networkmanager-vpnc is being provided with their latest 0.8.6.0 stable versions. The provided packages solves these security vulnerabilities. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2011:171 http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2176 1025711 http://securitytracker.com/id?1025711 44858 http://secunia.com/advisories/44858 FEDORA-2011-8612 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063665.html MDVSA-2011:171 http://www.mandriva.com/security/advisories?name=MDVSA-2011:171 RHSA-2011:0930 http://www.redhat.com/support/errata/RHSA-2011-0930.html http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8 https://bugzilla.redhat.com/show_bug.cgi?id=709662 Common Vulnerability Exposure (CVE) ID: CVE-2011-3364 FEDORA-2011-13425 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html RHSA-2011:1338 http://www.redhat.com/support/errata/RHSA-2011-1338.html http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation/ https://bugzilla.redhat.com/show_bug.cgi?id=737338
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com