Detections
Analytics

MiracleLinux 4 : NetworkManager-0.8.1-9.AXS4.3 (AXSA:2011-534:01)

high Nessus Plugin ID 284265

Synopsis

The remote MiracleLinux host is missing one or more security updates.

Description

The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2011-534:01 advisory.

 NetworkManager is a system network service that manages your network devices and connections, attempting to keep active network connectivity when available. It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE devices, and provides VPN integration with a variety of different VPN services.
 Security issues fixed with this release:
 CVE-2011-2176 GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
 CVE-2011-3364 Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
 Fixed bugs:
 - After disabling wireless in NetworkManager, a suspend and resume would re-enable the wireless connection automatically. NetworkManager now remembers the previous wireless state after a suspens and resume.
 - Fixed some translations in the network-manager-applet (languages: as, te, pa, gu, mr, fr, es, bn_IN) and NetworkManager (languages: bn_IN, es, fr, ja, mr).
 - Fixed a truncation problem on 64-bit PPC systems: configured connections are now displayed in connection editor.
 - Unprivilieged users cannot change the status of wireless connections and WWAN anymore.
 - No unnecessary warnings are inserted any more in the /var/log/messages log file during the hostname operation.
 - The NetworkManager panel applet was sometimes unable to determine user permissions regarding networking and would disable the Enable Networking and Enable Wireless check boxes. This has been fixed.
 - Removed an unnecessary and unexpected re-authentication requirement when roaming between WPA/WPA2 access points in the same SSID attached to the same wireless LAN controller.
 - NetworkManager did not handle correctly configurations with multiple network devices machines containing one iSCSI adapter set up not to be the default route. This has been fixed.
 - Fixed IPv6 static addressing configurations not saving the gateway address.
 - NetworkManager does not modify /etc/hosts any longer, the administrator has to set it up.
 - The Ask for this password every time option for WPA/WPA2 passwords now functions as expected and an empty password field appears when prompting the user for the password.
 Enhancements:
 - The connection information now shows information such as the IP Address and DNS servers
 - DHCP lease change events now trigger dispatcher scripts at the /etc/NetworkManager/dispatcher.d location.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected NetworkManager, NetworkManager-glib and / or NetworkManager-gnome packages.

See Also

https://tsn.miraclelinux.com/en/node/2250

Plugin Details

Severity: High

ID: 284265

File Name: miracle_linux_AXSA-2011-534.nasl

Version: 1.1

Type: local

Published: 1/14/2026

Updated: 1/14/2026

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

Vendor

Vendor Severity: High

CVSS v2

Risk Factor: Medium

Base Score: 6.9

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-3364

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:miracle:linux:networkmanager-gnome, p-cpe:/a:miracle:linux:networkmanager, cpe:/o:miracle:linux:4, p-cpe:/a:miracle:linux:networkmanager-glib

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/28/2011

Vulnerability Publication Date: 6/23/2011

Reference Information

CVE: CVE-2011-2176, CVE-2011-3364