GLSA-201707-09 : GNOME applet for NetworkManager: Arbitrary file read/write
Medium Nessus Plugin ID 101340
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201707-09 (GNOME applet for NetworkManager: Arbitrary file read/write)
Frederic Bardy and Quentin Biguenet discovered that GNOME applet for NetworkManager incorrectly checked permissions when connecting to certain wireless networks.
A local attacker could bypass security restrictions at the login screen to access local files.
There is no known workaround at this time.
SolutionAll GNOME applet for NetworkManager users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=gnome-extra/nm-applet-1.4.6-r1'