Count: 9

Vulnerability | CVSS | EPSS | Published |
---|---|---|---|
BDU:2024-09459 Vulnerability in the libreswan client plugin of the NetworkManager network connection manager, caused by improper control of code generation, allowing an attacker to escalate privileges and execute arbitrary code | CVSS3: 7.8 | 0% Low | 8 months ago |
CVE-2024-9050 A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown` key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. | CVSS3: 7.8 | 0% Low | 8 months ago |
CVE-2024-9050 A flaw was found in the libreswan client plugin for NetworkManager (NetworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown` key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. | CVSS3: 7.8 | 0% Low | 8 months ago |
CVE-2024-9050 A flaw was found in the libreswan client plugin for NetworkManager (Ne ... | CVSS3: 7.8 | 0% Low | 8 months ago |
ROS-20241029-01 NetworkManager-libreswan vulnerability | CVSS3: 7.8 | 0% Low | 8 months ago |
RLSA-2024:8353 Important: NetworkManager-libreswan security update |  | 0% Low | about 1 month ago |
ELSA-2024-9555 ELSA-2024-9555: NetworkManager-libreswan security update (IMPORTANT) |  |  | 7 months ago |
ELSA-2024-8357 ELSA-2024-8357: NetworkManager-libreswan security update (IMPORTANT) |  |  | 7 months ago |
ELSA-2024-8353 ELSA-2024-8353: NetworkManager-libreswan security update (IMPORTANT) |  |  | 8 months ago |