Detections
Analytics

RHEL 7 : NetworkManager (RHSA-2015:2315)

high Nessus Plugin ID 86981

Language:

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2315 advisory.

 NetworkManager is a system network service that manages network devices and connections.

 It was discovered that NetworkManager would set device MTUs based on MTU values received in IPv6 RAs (Router Advertisements), without sanity checking the MTU value first. A remote attacker could exploit this flaw to create a denial of service attack, by sending a specially crafted IPv6 RA packet to disturb IPv6 communication. (CVE-2015-0272)

 A flaw was found in the way NetworkManager handled router advertisements.
 An unprivileged user on a local network could use IPv6 Neighbor Discovery ICMP to broadcast a non-route with a low hop limit, causing machines to lower the hop limit on existing IPv6 routes. If this limit is small enough, IPv6 packets would be dropped before reaching the final destination.
 (CVE-2015-2924)

 The network-manager-applet and NetworkManager-libreswan packages have been upgraded to upstream versions 1.0.6, and provide a number of bug fixes and enhancements over the previous versions. (BZ#1177582, BZ#1243057)

 Bugs:

 * It was not previously possible to set the Wi-Fi band to the a or bg values to lock to a specific frequency band. NetworkManager has been fixed, and it now sets the wpa_supplicant's freq_list option correctly, which enables proper Wi-Fi band locking. (BZ#1254461)

 * NetworkManager immediately failed activation of devices that did not have a carrier early in the boot process. The legacy network.service then reported activation failure. Now, NetworkManager has a grace period during which it waits for the carrier to appear. Devices that have a carrier down for a short time on system startup no longer cause the legacy network.service to fail. (BZ#1079353)

 * NetworkManager brought down a team device if the teamd service managing it exited unexpectedly, and the team device was deactivated. Now, NetworkManager respawns the teamd instances that disappear and is able to recover from a teamd failure avoiding disruption of the team device operation. (BZ#1145988)

 * NetworkManager did not send the FQDN DHCP option even if host name was set to FQDN. Consequently, Dynamic DNS (DDNS) setups failed to update the DNS records for clients running NetworkManager. Now, NetworkManager sends the FQDN option with DHCP requests, and the DHCP server is able to create DNS records for such clients. (BZ#1212597)

 * The command-line client was not validating the vlan.flags property correctly, and a spurious warning message was displayed when the nmcli tool worked with VLAN connections. The validation routine has been fixed, and the warning message no longer appears. (BZ#1244048)

 * NetworkManager did not propagate a media access control (MAC) address change from a bonding interface to a VLAN interface on top of it.
 Consequently, a VLAN interface on top of a bond used an incorrect MAC address. Now, NetworkManager synchronizes the addresses correctly.
 (BZ#1264322)

 Enhancements:

 * IPv6 Privacy extensions are now enabled by default. NetworkManager checks the per-network configuration files, NetworkManager.conf, and then falls back to /proc/sys/net/ipv6/conf/default/use_tempaddr to determine and set IPv6 privacy settings at device activation. (BZ#1187525)

 * The NetworkManager command-line tool, nmcli, now allows setting the wake-on-lan property to 0 (none, disable, disabled). (BZ#1260584)

 * NetworkManager now provides information about metered connections.
 (BZ#1200452)

 * NetworkManager daemon and the connection editor now support setting the Maximum Transmission Unit (MTU) of a bond. It is now possible to change MTU of a bond interface in a GUI. (BZ#1177582, BZ#1177860)

 * NetworkManager daemon and the connection editor now support setting the MTU of a team, allowing to change MTU of a teaming interface. (BZ#1255927)

 NetworkManager users are advised to upgrade to these updated packages, which correct these issues and add these enhancements.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?5a6400e2

https://access.redhat.com/errata/RHSA-2015:2315

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1062301

https://bugzilla.redhat.com/show_bug.cgi?id=1139536

https://bugzilla.redhat.com/show_bug.cgi?id=1141417

https://bugzilla.redhat.com/show_bug.cgi?id=1168388

https://bugzilla.redhat.com/show_bug.cgi?id=1168657

https://bugzilla.redhat.com/show_bug.cgi?id=1182575

https://bugzilla.redhat.com/show_bug.cgi?id=1183015

https://bugzilla.redhat.com/show_bug.cgi?id=1183444

https://bugzilla.redhat.com/show_bug.cgi?id=1187525

https://bugzilla.redhat.com/show_bug.cgi?id=1192132

https://bugzilla.redhat.com/show_bug.cgi?id=1200451

https://bugzilla.redhat.com/show_bug.cgi?id=1200452

https://bugzilla.redhat.com/show_bug.cgi?id=1201497

https://bugzilla.redhat.com/show_bug.cgi?id=1207730

https://bugzilla.redhat.com/show_bug.cgi?id=1209902

https://bugzilla.redhat.com/show_bug.cgi?id=1211133

https://bugzilla.redhat.com/show_bug.cgi?id=1211859

https://bugzilla.redhat.com/show_bug.cgi?id=1229471

https://bugzilla.redhat.com/show_bug.cgi?id=1238840

https://bugzilla.redhat.com/show_bug.cgi?id=1243057

https://bugzilla.redhat.com/show_bug.cgi?id=1244293

https://bugzilla.redhat.com/show_bug.cgi?id=1246496

https://bugzilla.redhat.com/show_bug.cgi?id=1250019

https://bugzilla.redhat.com/show_bug.cgi?id=1250723

https://bugzilla.redhat.com/show_bug.cgi?id=1251954

https://bugzilla.redhat.com/show_bug.cgi?id=1253744

https://bugzilla.redhat.com/show_bug.cgi?id=1254089

https://bugzilla.redhat.com/show_bug.cgi?id=1254461

https://bugzilla.redhat.com/show_bug.cgi?id=1255735

https://bugzilla.redhat.com/show_bug.cgi?id=1256772

https://bugzilla.redhat.com/show_bug.cgi?id=1261428

https://bugzilla.redhat.com/show_bug.cgi?id=1264024

https://bugzilla.redhat.com/show_bug.cgi?id=1264089

https://bugzilla.redhat.com/show_bug.cgi?id=1264361

https://bugzilla.redhat.com/show_bug.cgi?id=1267326

https://bugzilla.redhat.com/show_bug.cgi?id=1267330

https://bugzilla.redhat.com/show_bug.cgi?id=1267462

https://bugzilla.redhat.com/show_bug.cgi?id=1267672

https://bugzilla.redhat.com/show_bug.cgi?id=1268030

https://bugzilla.redhat.com/show_bug.cgi?id=1271973

https://bugzilla.redhat.com/show_bug.cgi?id=1272023

https://bugzilla.redhat.com/show_bug.cgi?id=1272974

https://bugzilla.redhat.com/show_bug.cgi?id=918692

Plugin Details

Severity: High

ID: 86981

File Name: redhat-RHSA-2015-2315.nasl

Version: 2.12

Type: local

Agent: unix

Published: 11/20/2015

Updated: 3/24/2025

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2015-0272

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:networkmanager-libnm, p-cpe:/a:redhat:enterprise_linux:modemmanager-glib, p-cpe:/a:redhat:enterprise_linux:networkmanager-team, p-cpe:/a:redhat:enterprise_linux:networkmanager-libreswan-gnome, p-cpe:/a:redhat:enterprise_linux:networkmanager-devel, p-cpe:/a:redhat:enterprise_linux:networkmanager-adsl, p-cpe:/a:redhat:enterprise_linux:networkmanager-bluetooth, p-cpe:/a:redhat:enterprise_linux:modemmanager, p-cpe:/a:redhat:enterprise_linux:modemmanager-glib-devel, p-cpe:/a:redhat:enterprise_linux:networkmanager, p-cpe:/a:redhat:enterprise_linux:networkmanager-config-routing-rules, p-cpe:/a:redhat:enterprise_linux:networkmanager-glib, p-cpe:/a:redhat:enterprise_linux:libnm-gtk, p-cpe:/a:redhat:enterprise_linux:nm-connection-editor, p-cpe:/a:redhat:enterprise_linux:networkmanager-config-server, p-cpe:/a:redhat:enterprise_linux:libnm-gtk-devel, p-cpe:/a:redhat:enterprise_linux:networkmanager-glib-devel, p-cpe:/a:redhat:enterprise_linux:networkmanager-libreswan, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:networkmanager-wwan, p-cpe:/a:redhat:enterprise_linux:modemmanager-devel, p-cpe:/a:redhat:enterprise_linux:networkmanager-tui, p-cpe:/a:redhat:enterprise_linux:network-manager-applet, p-cpe:/a:redhat:enterprise_linux:networkmanager-wifi, p-cpe:/a:redhat:enterprise_linux:modemmanager-vala, p-cpe:/a:redhat:enterprise_linux:networkmanager-libnm-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/19/2015

Vulnerability Publication Date: 11/16/2015

Reference Information

CVE: CVE-2015-0272, CVE-2015-2924

CWE: 20, 358

RHSA: 2015:2315