CVE-2009-4145

Published: Dec 23, 2009Modified: Apr 23, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.

Affected (1)

Products: Gnome: Networkmanager

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnome Networkmanager	Version 0.7.2

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (22)

http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2

Source: secalert@redhat.com

Patch

http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894

Source: secalert@redhat.com

Patch

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html

Source: secalert@redhat.com

http://secunia.com/advisories/37819

Source: secalert@redhat.com

Vendor Advisory

http://secunia.com/advisories/38420

Source: secalert@redhat.com

http://www.openwall.com/lists/oss-security/2009/12/16/3

Source: secalert@redhat.com

http://www.redhat.com/support/errata/RHSA-2010-0108.html

Source: secalert@redhat.com

http://www.securityfocus.com/bid/37580

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=546117

Source: secalert@redhat.com

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/54898

Source: secalert@redhat.com

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10539

Source: secalert@redhat.com

http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=56d87fcb86acb5359558e0a2ee702cfc0c3391f2

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=8627880e07c8345f69ed639325280c7f62a8f894

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/37819

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/38420

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2009/12/16/3

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2010-0108.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/37580

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=546117

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/54898

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10539

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.