Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-3364

Опубликовано: 26 сент. 2011
Источник: redhat
CVSS2: 6.9

Описание

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

Отчет

Not vulnerable. This issue did not affect the versions of NetworkManager as shipped with Red Hat Enterprise Linux 4 or 5 as they did not include support for writing NetworkManager configurations to the standard /etc/sysconfig/network-scripts/ifcfg-* files.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 4NetworkManagerNot affected
Red Hat Enterprise Linux 5NetworkManagerNot affected
Red Hat Enterprise Linux 6NetworkManagerFixedRHSA-2011:133826.09.2011

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
https://bugzilla.redhat.com/show_bug.cgi?id=737338NetworkManager: Console user can escalate to root via newlines in ifcfg-rh connection name

6.9 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-3364

ubuntu
больше 13 лет назад

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

nvd логотип

CVE-2011-3364

nvd
больше 13 лет назад

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

debian логотип

CVE-2011-3364

debian
больше 13 лет назад

Incomplete blacklist vulnerability in the svEscape function in setting ...

github логотип

GHSA-89wj-8hfp-9mjq

github
около 3 лет назад

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

oracle-oval логотип

ELSA-2011-1338

oracle-oval
почти 14 лет назад

ELSA-2011-1338: NetworkManager security update (MODERATE)

6.9 Medium

CVSS2