GLSA-201205-02 : ConnMan: Multiple vulnerabilities
Critical Nessus Plugin ID 59626
SynopsisThe remote Gentoo host is missing one or more security-related patches.
DescriptionThe remote host is affected by the vulnerability described in GLSA-201205-02 (ConnMan: Multiple vulnerabilities)
Multiple vulnerabilities have been found in ConnMan:
Errors in inet.c and rtnl.c prevent ConnMan from checking the origin of netlink messages (CVE-2012-2320).
ConnMan does not properly check for shell escapes when requesting a hostname via DHCP (CVE-2012-2321).
An infinite loop error exists in client.c (CVE-2012-2322).
A remote attacker could execute arbitrary code with the privileges of the process or cause a Denial of Service condition.
There is no known workaround at this time.
SolutionAll ConnMan users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=net-misc/connman-1.0-r1'