----------------------------------------------------------------------

Did you know? Our assessment and impact rating along with detailed
information such as exploit code availability, or if an updated patch
is released by the vendor, is not part of this mailing-list?
        
Click here to learn more about our commercial solutions:
http://secunia.com/advisories/business_solutions/
        
Click here to trial our solutions:
http://secunia.com/advisories/try_vi/

----------------------------------------------------------------------

TITLE:
NetworkManager D-Bus Request Restriction Security Issues

SECUNIA ADVISORY ID:
SA34067

VERIFY ADVISORY:
http://secunia.com/advisories/34067/

DESCRIPTION:
Two security issues have been reported in NetworkManager, which can
be exploited by malicious, local users to manipulate certain data and
disclose potentially sensitive information.

1) A security issue is caused due to an incorrect deny setting within
system-settings/src/nm-system-settings.conf. This can be exploited to
e.g. disclose another user's connection passwords or keys.

2) The network-manager-applet does not properly restricting certain
D-Bus requests to the current user. This can be exploited to e.g.
manipulate or delete another user's network connection settings.

SOLUTION:
Fixed in the GIT and SVN repositories.

PROVIDED AND/OR DISCOVERED BY:
Reported in an Ubuntu Advisory.

ORIGINAL ADVISORY:
USN-721-1:
https://lists.ubuntu.com/archives/ubuntu-security-announce/2009-March/000847.html

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------