CVE-2011-3364

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | Primary | 6.9 UNKNOWN | LOCAL | MEDIUM | | AV:L/AC:M/Au:N/C:C/I:C/A:C |
EPSS Score percentile: 24%
Affected Products (NVD)

| Vendor | Product | Version |
|---|---|---|
| gnome | ifcfg-rh_plug-in | * |
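Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| network-manager-applet | bookworm | 1.30.0-2 | fixed |
| network-manager-applet | bullseye | 1.20.0-3 | fixed |
| network-manager-applet | sid | 1.36.0-1 | fixed |
| network-manager-applet | trixie | 1.36.0-1 | fixed |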
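Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| network-manager | hardy | ignored |
| network-manager | lucid | not-affected |
| network-manager | maverick | not-affected |
| network-manager | natty | not-affected |
| network-manager | oneiric | not-affected |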
Red Hat Enterprise Linux Releases

| Red Hat Product | Release | Version | Status |
|---|---|---|---|
| NetworkManager | RHEL 6 | 1:0.8.1-9.el6_1.3 | fixed |
| NetworkManager-devel | RHEL 6 | 1:0.8.1-9.el6_1.3 | fixed |
| NetworkManager-glib | RHEL 6 | 1:0.8.1-9.el6_1.3 | fixed |
| NetworkManager-glib-devel | RHEL 6 | 1:0.8.1-9.el6_1.3 | fixed |
| NetworkManager-gnome | RHEL 6 | 1:0.8.1-9.el6_1.3 | fixed |