lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 03 Mar 2009 14:45:21 -0500
From: Marc Deslauriers <marc.deslauriers@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk,
	"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>
Subject: [USN-727-1] network-manager-applet vulnerabilities

===========================================================
Ubuntu Security Notice USN-727-1             March 03, 2009
network-manager-applet vulnerabilities
CVE-2009-0365, CVE-2009-0578
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 7.10:
  network-manager-gnome           0.6.5-0ubuntu11~7.10.1

Ubuntu 8.04 LTS:
  network-manager-gnome           0.6.6-0ubuntu3.1

Ubuntu 8.10:
  network-manager-gnome           0.7~~svn20081020t000444-0ubuntu1.8.10.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus requests. A local user could perform dbus
queries to view other users' network connection passwords and pre-shared keys.
(CVE-2009-0365)

It was discovered that network-manager-applet did not properly enforce
permissions when responding to dbus modify and delete requests. A local user
could use dbus to modify or delete other users' network connections. This issue
only applied to Ubuntu 8.10. (CVE-2009-0578)


Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.6.5-0ubuntu11~7.10.1.diff.gz
      Size/MD5:     7691 a46630110934b343c4ca8e9a36ed915f
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.6.5-0ubuntu11~7.10.1.dsc
      Size/MD5:     1024 de8efd3c74908e6c2b211705e599f08d
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.6.5.orig.tar.gz
      Size/MD5:   728673 ad8e3feccbb1fcb9627f876cba6dcb0e

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.6.5-0ubuntu11~7.10.1_amd64.deb
      Size/MD5:   145754 148c33705c10ad4d070f4f94a16e8718

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.6.5-0ubuntu11~7.10.1_i386.deb
      Size/MD5:   138020 b2799201f3ffe0519217eeb3b14fdb6d

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.6.5-0ubuntu11~7.10.1_lpia.deb
      Size/MD5:   137380 924c344d2874f098198d7cf85fd875ee

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.6.5-0ubuntu11~7.10.1_powerpc.deb
      Size/MD5:   147252 718e0776e184ccf7b2af79b4d28b7a6d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.6.5-0ubuntu11~7.10.1_sparc.deb
      Size/MD5:   138660 dd0e6039514e65dfdbf90b1b81bb3810

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.6.6-0ubuntu3.1.diff.gz
      Size/MD5:    11001 c5f9ed4f19e0efc956074a0c8f51a5b2
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.6.6-0ubuntu3.1.dsc
      Size/MD5:     1020 181665f28e65a036c5e00de77b82b780
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.6.6.orig.tar.gz
      Size/MD5:   808916 f01275d74ed277b1a587cbb411811297

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.6.6-0ubuntu3.1_amd64.deb
      Size/MD5:   176034 0c9a763eca6983abf1f92bf6591e4fea

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.6.6-0ubuntu3.1_i386.deb
      Size/MD5:   165398 ff7cb4aa3d452ef58c78eef8b9867136

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.6.6-0ubuntu3.1_lpia.deb
      Size/MD5:   164806 0c59ab436eb451169a5f141174db9e9b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.6.6-0ubuntu3.1_powerpc.deb
      Size/MD5:   178224 e5d54ccb3fea2a24231eae94548deb96

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.6.6-0ubuntu3.1_sparc.deb
      Size/MD5:   165134 83480e1cce024d7ac57df99901c30034

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.7~~svn20081020t000444-0ubuntu1.8.10.2.diff.gz
      Size/MD5:    45842 868c74bce7081563ad9f9e3d9213a12e
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.7~~svn20081020t000444-0ubuntu1.8.10.2.dsc
      Size/MD5:     1745 2e3fa86787038792390ee42bf583ff68
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.7~~svn20081020t000444.orig.tar.gz
      Size/MD5:   668729 af829714605058afb3cf77c5d419ae83

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_amd64.deb
      Size/MD5:   312726 e908146a408b9f979bdbcd97eb6d5321

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_i386.deb
      Size/MD5:   298752 7f7de4a66ab8158b09fc3a8e6b5b51b2

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_lpia.deb
      Size/MD5:   297408 d1011545dbce454951903801c81237a1

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_powerpc.deb
      Size/MD5:   309074 1dd0558d633b648761ceb913fe4d5452

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.2_sparc.deb
      Size/MD5:   301496 5edc29edd0c0861bedb46b33a146bb44



Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

-- 
ubuntu-security-announce mailing list
ubuntu-security-announce@...ts.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists