CVE-2009-0365 — network-manager network-manager-applet - information disclosure

Description

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

How to fix CVE-2009-0365

To remediate CVE-2009-0365, upgrade the affected package to a fixed version below.

Debian/network-manager—upgrade to 0.6.5-1 or later
Debian/network-manager—upgrade to 0.6.4-6+etch1 or later
—upgrade to 0.7.0.99-1 or later
—upgrade to 0.6.6-4+lenny1 or later

Is CVE-2009-0365 being exploited?

Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

from 0, < 0.6.5-1
from 0, < 0.6.4-6+etch1
from 0, < 0.7.0.99-1
from 0, < 0.6.6-4+lenny1

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-0365