Test ID:	1.3.6.1.4.1.25623.1.0.880835
Category:	CentOS Local Security Checks
Title:	CentOS Update for NetworkManager CESA-2009:0361 centos5 i386
Summary:	The remote host is missing an update for the 'NetworkManager'; package(s) announced via the referenced advisory.
Description:	Summary: The remote host is missing an update for the 'NetworkManager' package(s) announced via the referenced advisory. Vulnerability Insight: NetworkManager is a network link manager that attempts to keep a wired or wireless network connection active at all times. An information disclosure flaw was found in NetworkManager's D-Bus interface. A local attacker could leverage this flaw to discover sensitive information, such as network connection passwords and pre-shared keys. (CVE-2009-0365) A potential denial of service flaw was found in NetworkManager's D-Bus interface. A local user could leverage this flaw to modify local connection settings, preventing the system's network connection from functioning properly. (CVE-2009-0578) Red Hat would like to thank Ludwig Nussel for reporting these flaws responsibly. Users of NetworkManager should upgrade to these updated packages which contain backported patches to correct these issues. Affected Software/OS: NetworkManager on CentOS 5 Solution: Please install the updated packages. CVSS Score: 6.2 CVSS Vector: AV:L/AC:L/Au:S/C:N/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0365 BugTraq ID: 33966 http://www.securityfocus.com/bid/33966 Debian Security Information: DSA-1955 (Google Search) http://www.debian.org/security/2009/dsa-1955 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10828 http://www.redhat.com/support/errata/RHSA-2009-0361.html http://www.redhat.com/support/errata/RHSA-2009-0362.html http://www.securitytracker.com/id?1021908 http://securitytracker.com/id?1021910 http://securitytracker.com/id?1021911 http://secunia.com/advisories/34067 http://secunia.com/advisories/34177 http://secunia.com/advisories/34473 SuSE Security Announcement: SUSE-SA:2009:013 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html SuSE Security Announcement: SUSE-SR:2009:009 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://www.ubuntu.com/usn/USN-727-1 http://www.ubuntu.com/usn/USN-727-2 XForce ISS Database: networkmanager-dbus-info-disclosure(49062) https://exchange.xforce.ibmcloud.com/vulnerabilities/49062 Common Vulnerability Exposure (CVE) ID: CVE-2009-0578 1021909 http://www.securitytracker.com/id?1021909 33966 34067 34473 RHSA-2009:0361 SUSE-SA:2009:013 SUSE-SR:2009:009 USN-727-1 https://bugzilla.redhat.com/show_bug.cgi?id=487752 networkmanager-dbus-security-bypass(49063) https://exchange.xforce.ibmcloud.com/vulnerabilities/49063 oval:org.mitre.oval:def:8931 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8931
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.