Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2011:171 (networkmanager)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72068

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2011:171 (networkmanager)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to networkmanager
announced via advisory MDVSA-2011:171.

Security issues were identified and fixed in networkmanager:

GNOME NetworkManager before 0.8.6 does not properly enforce the
auth_admin element in PolicyKit, which allows local users to bypass
intended wireless network sharing restrictions via unspecified vectors
(CVE-2011-2176).

Incomplete blacklist vulnerability in the svEscape function in
settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME
NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when
PolicyKit is configured to allow users to create new connections,
allows local users to execute arbitrary commands via a newline
character in the name for a new network connection, which is not
properly handled when writing to the ifcfg file (CVE-2011-3364).

Instead of patching networkmanager, the latest 0.8.6.0 stable
version is being provided due to the large amount of bugs fixed
upstream. Also the networkmanager-applet, networkmanager-openconnect,
networkmanager-openvpn, networkmanager-pptp, networkmanager-vpnc is
being provided with their latest 0.8.6.0 stable versions.

The provided packages solves these security vulnerabilities.

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:171
http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8

Risk factor : High

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2011-2176
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063665.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:171
http://www.redhat.com/support/errata/RHSA-2011-0930.html
http://securitytracker.com/id?1025711
http://secunia.com/advisories/44858
Common Vulnerability Exposure (CVE) ID: CVE-2011-3364
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html
http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation/
https://bugzilla.redhat.com/show_bug.cgi?id=737338
http://www.redhat.com/support/errata/RHSA-2011-1338.html

Copyright Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72068
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2011:171 (networkmanager)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to networkmanager announced via advisory MDVSA-2011:171. Security issues were identified and fixed in networkmanager: GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors (CVE-2011-2176). Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file (CVE-2011-3364). Instead of patching networkmanager, the latest 0.8.6.0 stable version is being provided due to the large amount of bugs fixed upstream. Also the networkmanager-applet, networkmanager-openconnect, networkmanager-openvpn, networkmanager-pptp, networkmanager-vpnc is being provided with their latest 0.8.6.0 stable versions. The provided packages solves these security vulnerabilities. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2011:171 http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8 Risk factor : High
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2011-2176 http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063665.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:171 http://www.redhat.com/support/errata/RHSA-2011-0930.html http://securitytracker.com/id?1025711 http://secunia.com/advisories/44858 Common Vulnerability Exposure (CVE) ID: CVE-2011-3364 http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation/ https://bugzilla.redhat.com/show_bug.cgi?id=737338 http://www.redhat.com/support/errata/RHSA-2011-1338.html
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com