Detections
Analytics
MiracleLinux 7 : [security - medium] NetworkManager security, bug fix, and enhancement update (AXSA:2015-694:01)
high Nessus Plugin ID 289131
Language:
Synopsis
The remote MiracleLinux host is missing one or more security updates.Description
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2015-694:01 advisory.ModemManager The ModemManager service manages WWAN modems and provides a consistent API for interacting with these devices to client applications.
NetworkManager NetworkManager is a system service that manages network interfaces and connections based on user or automatic configuration. It supports Ethernet, Bridge, Bond, VLAN, Team, InfiniBand, Wi-Fi, mobile broadband (WWAN), PPPoE and other devices, and supports a variety of different VPN services.
NetworkManager-libreswan This package contains software for integrating the libreswan VPN software with NetworkManager and the GNOME desktop network-manager-applet This package contains a network control and status notification area applet for use with NetworkManager.
Security issues fixed with this release:
CVE-2015-0272 GNOME NetworkManager allows remote attackers to cause a denial of service (IPv6 traffic disruption) via a crafted MTU value in an IPv6 Router Advertisement (RA) message, a different vulnerability than CVE-2015-8215.
CVE-2015-2924 The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in NetworkManager 1.x allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message, a similar issue to CVE-2015-2922.
Fixed bugs:
* It was not previously possible to set the Wi-Fi band to the a or bg values to lock to a specific frequency band. NetworkManager has been fixed, and it now sets the wpa_supplicant's freq_list option correctly, which enables proper Wi-Fi band locking.
* NetworkManager immediately failed activation of devices that did not have a carrier early in the boot process. The legacy network.service then reported activation failure. Now, NetworkManager has a grace period during which it waits for the carrier to appear. Devices that have a carrier down for a short time on system startup no longer cause the legacy network.service to fail.
* NetworkManager brought down a team device if the teamd service managing it exited unexpectedly, and the team device was deactivated. Now, NetworkManager respawns the teamd instances that disappear and is able to recover from a teamd failure avoiding disruption of the team device operation.
* NetworkManager did not send the FQDN DHCP option even if host name was set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the DNS records for clients running NetworkManager. Now, NetworkManager sends the FQDN option with DHCP requests, and the DHCP server is able to create DNS records for such clients.
* The command-line client was not validating the vlan.flags property correctly, and a spurious warning message was displayed when the nmcli tool worked with VLAN connections. The validation routine has been fixed, and the warning message no longer appears.
* NetworkManager did not propagate a media access control (MAC) address change from a bonding interface to a VLAN interface on top of it. Consequently, a VLAN interface on top of a bond used an incorrect MAC address. Now, NetworkManager synchronizes the addresses correctly.
Enhancements:
* IPv6 Privacy extensions are now enabled by default. NetworkManager checks the per-network configuration files, NetworkManager.conf, and then falls back to /proc/sys/net/ipv6/conf/default/use_tempaddr to determine and set IPv6 privacy settings at device activation.
* The NetworkManager command-line tool, nmcli, now allows setting the wake-on-lan property to 0 (none, disable, disabled).
* NetworkManager now provides information about metered connections.
* NetworkManager daemon and the connection editor now support setting the Maximum Transmission Unit (MTU) of a bond. It is now possible to change MTU of a bond interface in a GUI.
* NetworkManager daemon and the connection editor now support setting the MTU of a team, allowing to change MTU of a teaming interface.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 289131
File Name: miracle_linux_AXSA-2015-694.nasl
Version: 1.1
Type: local
Published: 1/16/2026
Updated: 1/16/2026
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2015-8215
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS Score Source: CVE-2015-0272
Vulnerability Information
CPE: p-cpe:/a:miracle:linux:nm-connection-editor, p-cpe:/a:miracle:linux:networkmanager-team, cpe:/o:miracle:linux:7, p-cpe:/a:miracle:linux:networkmanager, p-cpe:/a:miracle:linux:networkmanager-bluetooth, p-cpe:/a:miracle:linux:libnm-gtk, p-cpe:/a:miracle:linux:networkmanager-wifi, p-cpe:/a:miracle:linux:networkmanager-libnm, p-cpe:/a:miracle:linux:modemmanager-glib, p-cpe:/a:miracle:linux:networkmanager-tui, p-cpe:/a:miracle:linux:networkmanager-libreswan-gnome, p-cpe:/a:miracle:linux:networkmanager-glib, p-cpe:/a:miracle:linux:networkmanager-config-server, p-cpe:/a:miracle:linux:networkmanager-adsl, p-cpe:/a:miracle:linux:modemmanager, p-cpe:/a:miracle:linux:networkmanager-wwan, p-cpe:/a:miracle:linux:networkmanager-libreswan
Required KB Items: Host/local_checks_enabled, Host/MiracleLinux/release, Host/MiracleLinux/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 11/23/2015
Vulnerability Publication Date: 4/4/2015