Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-0764

Опубликовано: 02 апр. 2016
Источник: redhat
CVSS2: 2.1
EPSS Низкий

Описание

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.

A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5NetworkManagerNot affected
Red Hat Enterprise Linux 6NetworkManagerWill not fix
Red Hat Enterprise Linux 7libnl3FixedRHSA-2016:258103.11.2016
Red Hat Enterprise Linux 7NetworkManagerFixedRHSA-2016:258103.11.2016
Red Hat Enterprise Linux 7network-manager-appletFixedRHSA-2016:258103.11.2016
Red Hat Enterprise Linux 7NetworkManager-libreswanFixedRHSA-2016:258103.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-362
https://bugzilla.redhat.com/show_bug.cgi?id=1324025NetworkManager: Race condition allowing info leak

EPSS

Процентиль: 10%
0.00035
Низкий

2.1 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-0764

CVSS3: 6.2
ubuntu
больше 8 лет назад

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.

nvd логотип

CVE-2016-0764

CVSS3: 6.2
nvd
больше 8 лет назад

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.

debian логотип

CVE-2016-0764

CVSS3: 6.2
debian
больше 8 лет назад

Race condition in Network Manager before 1.0.12 as packaged in Red Hat ...

github логотип

GHSA-m39r-x7w4-x8gg

CVSS3: 6.2
github
больше 3 лет назад

Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.

oracle-oval логотип

ELSA-2016-2581

oracle-oval
около 9 лет назад

ELSA-2016-2581: NetworkManager security, bug fix, and enhancement update (LOW)

EPSS

Процентиль: 10%
0.00035
Низкий

2.1 Low

CVSS2