CVE-2009-0365 — Vulnetix

CVE-2009-0365 PUBLISHED CVSS 4.599999904632568 MEDIUM

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

EPSS 0.12% · 30.6th percentile

Risk Scores

CVSS 2.0

4.599999904632568

EPSS Score

0.12%

30.6th percentile

Affected Products

Vendor	Product	Versions
ubuntu	ubuntu_linux	6.06, 7.10, 8.04
n/a	n/a	n/a

Exploit Intelligence

1021910 (circl)
USN-727-1 (circl)
USN-727-2 (circl)
networkmanager-dbus-info-disclosure(49062) (circl)
1021908 (circl)
http://svn.gnome.org/viewvc/network-manager-applet?view=revision&revision=1207 (circl)
33966 (circl)
1021911 (circl)
https://bugzilla.redhat.com/show_bug.cgi?id=487722 (circl)
http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&r2=1207&pathrev=1207 (circl)

…and 10 more exploits

Timeline

Mar 5, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 2, 2022 CVE Updated
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score

References

1021910 vdb
USN-727-1 vendor-advisory
USN-727-2 vendor-advisory
networkmanager-dbus-info-disclosure(49062) vdb
1021908 vdb
http://svn.gnome.org/viewvc/network-manager-applet?view=revision&revision=1207 url
33966 vdb
1021911 vdb
https://bugzilla.redhat.com/show_bug.cgi?id=487722 url
http://svn.gnome.org/viewvc/network-manager-applet/trunk/nm-applet.conf?r1=1133&r2=1207&pathrev=1207 url
oval:org.mitre.oval:def:10828 vdb
34067 third-party-advisory
RHSA-2009:0362 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=487752 url
DSA-1955 vendor-advisory
SUSE-SR:2009:009 vendor-advisory
SUSE-SA:2009:013 vendor-advisory
RHSA-2009:0361 vendor-advisory
34177 third-party-advisory
34473 third-party-advisory

…and 1 more

Open in Interactive Console →