Fedora 14 : NetworkManager-0.8.4-2.git20110622.fc14 (2011-8612)

low Nessus Plugin ID 55842

Synopsis

The remote Fedora host is missing a security update.

Description

This update fixes the security issue for creating shared WiFi networks. It's been tracked by #709662 - CVE-2011-2176.

Before this update, NetworkManager didn't respect PolicyKit policies for creating shared WiFi networks: actions org.freedesktop.network-manager-settings.system.wifi.share.open and org.freedesktop.network-manager-settings.system.wifi.share.protected in /usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.s ystem.policy file. Thus, users could create shared WiFi networks even if it was disabled via the PolicyKit setting. This update fixes this issue. Be aware, that the default policies still allow creating shared WiFi networks. You should modify <allow_active>yes</allow_active> to <allow_active>auth_admin</allow_active> if you require authorization with root password, or to <allow_active>no</allow_active> to disallow creating the networks altogether through the above PolicyKit actions.

In addition, this update fixes other bugs by updating NetworkManager to git snaphot as of 2011-06-22.

- core: fix up checks for s390 CTC device type (bgo #649025)

- core: recognize platform 'gadget' devices

- core: only send hostname without domain as host-name option (rh #694758)

- core: clear 'invalid' connection tag when cable is re-plugged

- core: fix crash requesting system VPN secrets (bgo #651710)

- core: add MAC address blacklisting feature for WiFi and ethernet connections

- core: allow _ as a valid character for GSM APNs

- wifi: always fix up Ad-Hoc frequency when connecting (rh #699203)

- keyfile: better handle cert/key files that don't exist (bgo #649807)

- keyfile: ignore .pem and .der file changes

- editor: improve usability for entering manual IP addresses and routes (rh #698199) (bgo #607678)

- editor: don't crash in edit_done_cb() when connection is invalid (rh #704848)

- editor: don't allow inserting 0.0.0.0 as destination and netmask for IPv4 routes

- editor: allow _ as a valid character for GSM APNs

- applet: ensure entries activate default button if Enter is pressed (rh #622487)

- applet: add gsm registration status notification

- applet: filter APN entry characters in mobile-wizard

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected NetworkManager package.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=709662

http://www.nessus.org/u?94b66e11

http://www.nessus.org/u?2269d34c

Plugin Details

Severity: Low

ID: 55842

File Name: fedora_2011-8612.nasl

Version: 1.14

Type: local

Agent: unix

Published: 8/15/2011

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/o:fedoraproject:fedora:14, p-cpe:/a:fedoraproject:fedora:networkmanager

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 6/24/2011

Reference Information

CVE: CVE-2011-2176

BID: 48396

FEDORA: 2011-8612