Welcome to our website
To take full advantage of all features you need to login or register. Registration is completely free and takes only a few seconds.
USN-727-1: network-manager-applet vulnerabilities
Posted by Bob on: 03/03/2009 08:55 PM [ Print | 0 comment(s) ]
A new network-manager-applet vulnerabilities update is available for Ubuntu Linux. Here the announcement:
Ubuntu Security Notice USN-727-1 March 03, 2009
network-manager-applet vulnerabilities
CVE-2009-0365, CVE-2009-0578
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
network-manager-gnome 0.6.5-0ubuntu11~7.10.1
Ubuntu 8.04 LTS:
network-manager-gnome 0.6.6-0ubuntu3.1
Ubuntu 8.10:
network-manager-gnome 0.7~~svn20081020t000444-0ubuntu1.8.10.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus requests. A local user could perform db=
us
queries to view other users' network connection passwords and pre-shared ke=
ys.
(CVE-2009-0365)
It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus modify and delete requests. A local use=
r
could use dbus to modify or delete other users' network connections. This i=
ssue
only applied to Ubuntu 8.10. (CVE-2009-0578)
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.5-0ubuntu11~7.10.1.diff.gz
Size/MD5: 7691 a46630110934b343c4ca8e9a36ed915f
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.5-0ubuntu11~7.10.1.dsc
Size/MD5: 1024 de8efd3c74908e6c2b211705e599f08d
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.5.orig.tar.gz
Size/MD5: 728673 ad8e3feccbb1fcb9627f876cba6dcb0e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.5-0ubuntu11~7.10.1_amd64.deb
Size/MD5: 145754 148c33705c10ad4d070f4f94a16e8718
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.5-0ubuntu11~7.10.1_i386.deb
Size/MD5: 138020 b2799201f3ffe0519217eeb3b14fdb6d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.6.5-0ubuntu11~7.10.1_lpia.deb
Size/MD5: 137380 924c344d2874f098198d7cf85fd875ee
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.5-0ubuntu11~7.10.1_powerpc.deb
Size/MD5: 147252 718e0776e184ccf7b2af79b4d28b7a6d
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.5-0ubuntu11~7.10.1_sparc.deb
Size/MD5: 138660 dd0e6039514e65dfdbf90b1b81bb3810
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.6-0ubuntu3.1.diff.gz
Size/MD5: 11001 c5f9ed4f19e0efc956074a0c8f51a5b2
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.6-0ubuntu3.1.dsc
Size/MD5: 1020 181665f28e65a036c5e00de77b82b780
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.6.orig.tar.gz
Size/MD5: 808916 f01275d74ed277b1a587cbb411811297
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.6-0ubuntu3.1_amd64.deb
Size/MD5: 176034 0c9a763eca6983abf1f92bf6591e4fea
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.6-0ubuntu3.1_i386.deb
Size/MD5: 165398 ff7cb4aa3d452ef58c78eef8b9867136
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.6.6-0ubuntu3.1_lpia.deb
Size/MD5: 164806 0c59ab436eb451169a5f141174db9e9b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.6.6-0ubuntu3.1_powerpc.deb
Size/MD5: 178224 e5d54ccb3fea2a24231eae94548deb96
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.6.6-0ubuntu3.1_sparc.deb
Size/MD5: 165134 83480e1cce024d7ac57df99901c30034
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.7~~svn20081020t000444-0ubuntu1.8.10.2.diff.gz
Size/MD5: 45842 868c74bce7081563ad9f9e3d9213a12e
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.7~~svn20081020t000444-0ubuntu1.8.10.2.dsc
Size/MD5: 1745 2e3fa86787038792390ee42bf583ff68
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.7~~svn20081020t000444.orig.tar.gz
Size/MD5: 668729 af829714605058afb3cf77c5d419ae83
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_amd64.deb
Size/MD5: 312726 e908146a408b9f979bdbcd97eb6d5321
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_i386.deb
Size/MD5: 298752 7f7de4a66ab8158b09fc3a8e6b5b51b2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_lpia.deb
Size/MD5: 297408 d1011545dbce454951903801c81237a1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_powerpc.deb
Size/MD5: 309074 1dd0558d633b648761ceb913fe4d5452
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_sparc.deb
Size/MD5: 301496 5edc29edd0c0861bedb46b33a146bb44
--=-n76QrbdNQdmRAYxp9RPU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkmtiM4ACgkQLMAs/0C4zNqLhACfdvIpcnmhf61pbKQebQ062jMv
XHIAn1jNzZIgP6P3HSJr8YvjcNXu9lv/
=xex2
-----END PGP SIGNATURE-----
network-manager-applet vulnerabilities
CVE-2009-0365, CVE-2009-0578
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D
A security issue affects the following Ubuntu releases:
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 7.10:
network-manager-gnome 0.6.5-0ubuntu11~7.10.1
Ubuntu 8.04 LTS:
network-manager-gnome 0.6.6-0ubuntu3.1
Ubuntu 8.10:
network-manager-gnome 0.7~~svn20081020t000444-0ubuntu1.8.10.2
In general, a standard system upgrade is sufficient to effect the
necessary changes.
Details follow:
It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus requests. A local user could perform db=
us
queries to view other users' network connection passwords and pre-shared ke=
ys.
(CVE-2009-0365)
It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus modify and delete requests. A local use=
r
could use dbus to modify or delete other users' network connections. This i=
ssue
only applied to Ubuntu 8.10. (CVE-2009-0578)
Updated packages for Ubuntu 7.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.5-0ubuntu11~7.10.1.diff.gz
Size/MD5: 7691 a46630110934b343c4ca8e9a36ed915f
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.5-0ubuntu11~7.10.1.dsc
Size/MD5: 1024 de8efd3c74908e6c2b211705e599f08d
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.5.orig.tar.gz
Size/MD5: 728673 ad8e3feccbb1fcb9627f876cba6dcb0e
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.5-0ubuntu11~7.10.1_amd64.deb
Size/MD5: 145754 148c33705c10ad4d070f4f94a16e8718
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.5-0ubuntu11~7.10.1_i386.deb
Size/MD5: 138020 b2799201f3ffe0519217eeb3b14fdb6d
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.6.5-0ubuntu11~7.10.1_lpia.deb
Size/MD5: 137380 924c344d2874f098198d7cf85fd875ee
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.5-0ubuntu11~7.10.1_powerpc.deb
Size/MD5: 147252 718e0776e184ccf7b2af79b4d28b7a6d
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.5-0ubuntu11~7.10.1_sparc.deb
Size/MD5: 138660 dd0e6039514e65dfdbf90b1b81bb3810
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.6-0ubuntu3.1.diff.gz
Size/MD5: 11001 c5f9ed4f19e0efc956074a0c8f51a5b2
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.6-0ubuntu3.1.dsc
Size/MD5: 1020 181665f28e65a036c5e00de77b82b780
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.6.6.orig.tar.gz
Size/MD5: 808916 f01275d74ed277b1a587cbb411811297
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.6-0ubuntu3.1_amd64.deb
Size/MD5: 176034 0c9a763eca6983abf1f92bf6591e4fea
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.6.6-0ubuntu3.1_i386.deb
Size/MD5: 165398 ff7cb4aa3d452ef58c78eef8b9867136
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.6.6-0ubuntu3.1_lpia.deb
Size/MD5: 164806 0c59ab436eb451169a5f141174db9e9b
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.6.6-0ubuntu3.1_powerpc.deb
Size/MD5: 178224 e5d54ccb3fea2a24231eae94548deb96
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.6.6-0ubuntu3.1_sparc.deb
Size/MD5: 165134 83480e1cce024d7ac57df99901c30034
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.7~~svn20081020t000444-0ubuntu1.8.10.2.diff.gz
Size/MD5: 45842 868c74bce7081563ad9f9e3d9213a12e
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.7~~svn20081020t000444-0ubuntu1.8.10.2.dsc
Size/MD5: 1745 2e3fa86787038792390ee42bf583ff68
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-applet_0.7~~svn20081020t000444.orig.tar.gz
Size/MD5: 668729 af829714605058afb3cf77c5d419ae83
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_amd64.deb
Size/MD5: 312726 e908146a408b9f979bdbcd97eb6d5321
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/ne=
twork-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_i386.deb
Size/MD5: 298752 7f7de4a66ab8158b09fc3a8e6b5b51b2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_lpia.deb
Size/MD5: 297408 d1011545dbce454951903801c81237a1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_powerpc.deb
Size/MD5: 309074 1dd0558d633b648761ceb913fe4d5452
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-mana=
ger-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_sparc.deb
Size/MD5: 301496 5edc29edd0c0861bedb46b33a146bb44
--=-n76QrbdNQdmRAYxp9RPU
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: This is a digitally signed message part
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEABECAAYFAkmtiM4ACgkQLMAs/0C4zNqLhACfdvIpcnmhf61pbKQebQ062jMv
XHIAn1jNzZIgP6P3HSJr8YvjcNXu9lv/
=xex2
-----END PGP SIGNATURE-----
