CVE-2009-0578

high

Description

GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8931

https://exchange.xforce.ibmcloud.com/vulnerabilities/49063

https://bugzilla.redhat.com/show_bug.cgi?id=487752

http://www.ubuntu.com/usn/USN-727-1

http://www.securitytracker.com/id?1021909

http://www.securityfocus.com/bid/33966

http://www.redhat.com/support/errata/RHSA-2009-0361.html

http://secunia.com/advisories/34473

http://secunia.com/advisories/34067

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html

Details

Source: Mitre, NVD

Published: 2009-03-05

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 6.2

Vector: CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Severity: High