Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:0377

Опубликовано: 17 мар. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: Security and bug fixes for NetworkManager

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

Security and bug fix(es):

  • Routes in table different to main are not deleted on reapply [rhel-9.5.z] (JIRA:Rocky Linux-73013)
  • Route to VPN server not stored in routing table that is specified by ipv4.route-table [rhel-9.5.z] (JIRA:Rocky Linux-73166)
  • VPN connections do not support ipv4.routing-rules settings [rhel-9.5.z] (JIRA:Rocky Linux-73167)
  • CVE-2024-3661 NetworkManager: DHCP routing options can manipulate interface-based VPN traffic [rhel-9.5.z] (JIRA:Rocky Linux-64726)

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
NetworkManagerx86_645.el9_5NetworkManager-1.48.10-5.el9_5.x86_64.rpm
NetworkManager-adslx86_645.el9_5NetworkManager-adsl-1.48.10-5.el9_5.x86_64.rpm
NetworkManager-bluetoothx86_645.el9_5NetworkManager-bluetooth-1.48.10-5.el9_5.x86_64.rpm
NetworkManager-config-servernoarch5.el9_5NetworkManager-config-server-1.48.10-5.el9_5.noarch.rpm
NetworkManager-config-servernoarch5.el9_5NetworkManager-config-server-1.48.10-5.el9_5.noarch.rpm
NetworkManager-config-servernoarch5.el9_5NetworkManager-config-server-1.48.10-5.el9_5.noarch.rpm
NetworkManager-config-servernoarch5.el9_5NetworkManager-config-server-1.48.10-5.el9_5.noarch.rpm
NetworkManager-initscripts-updownnoarch5.el9_5NetworkManager-initscripts-updown-1.48.10-5.el9_5.noarch.rpm
NetworkManager-initscripts-updownnoarch5.el9_5NetworkManager-initscripts-updown-1.48.10-5.el9_5.noarch.rpm
NetworkManager-initscripts-updownnoarch5.el9_5NetworkManager-initscripts-updown-1.48.10-5.el9_5.noarch.rpm

Показывать по

Связанные CVE

CVE-2024-3661

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2024-3661

CVSS3: 7.6
ubuntu
почти 2 года назад

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

redhat логотип

CVE-2024-3661

CVSS3: 7.6
redhat
почти 2 года назад

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

nvd логотип

CVE-2024-3661

CVSS3: 7.6
nvd
почти 2 года назад

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

rocky логотип

RLSA-2025:0288

rocky
9 месяцев назад

Moderate: Bug fix of NetworkManager

github логотип

GHSA-jcv7-6v4q-4m7x

CVSS3: 8.8
github
почти 2 года назад

By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks.