Fluid Attacks Database

Description

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 14	network-manager	>=0 <0.6.5-1	0.6.5-1
debian 13	network-manager-applet	>=0 <0.7.0.99-1	0.7.0.99-1
debian 12	network-manager-applet	>=0 <0.7.0.99-1	0.7.0.99-1
debian 11	network-manager	>=0 <0.6.5-1	0.6.5-1
debian 11	network-manager-applet	>=0 <0.7.0.99-1	0.7.0.99-1
debian 12	network-manager	>=0 <0.6.5-1	0.6.5-1
debian 13	network-manager	>=0 <0.6.5-1	0.6.5-1
debian 14	network-manager-applet	>=0 <0.7.0.99-1	0.7.0.99-1
rpm rhel5	NetworkManager	<1:0.7.0-4.el5_3	1:0.7.0-4.el5_3

Aliases

1. CVE-2009-03652. NVD-2009-03653. OSV-DEBIAN-2009-03654. OSV-2009-03655. SECURITY-TRACKER-CVE-2009-0365

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.