Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 521
Alerts This Week
Warning Icon 1 521

Gentoo: GLSA 201707-09 Normal: GNOME Applet Local Access Risk

gentoo
Calendar Grey July 8, 2017
Dist Gentoo Esm H88
A vulnerability in the GNOME applet for NetworkManager allows local attackers to access and alter files. Timely updates are essential to reduce security threats
A vulnerability has been found in GNOME applet for NetworkManager allowing local attackers to access the local filesystem.

Summary

Frederic Bardy and Quentin Biguenet discovered that GNOME applet for NetworkManager incorrectly checked permissions when connecting to certain wireless networks.

Resolution

All GNOME applet for NetworkManager users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=gnome-extra/nm-applet-1.4.6-r1"

References

[ 1 ] CVE-2017-6590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6590

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201707-09
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: GNOME applet for NetworkManager: Arbitrary file read/write
Date: July 08, 2017
Bugs: #613768
ID: 201707-09

Synopsis

A vulnerability has been found in GNOME applet for NetworkManager allowing local attackers to access the local filesystem.

Background

GNOME applet for NetworkManager is a GTK+ 3 front-end which works under Xorg environments with a systray.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 gnome-extra/nm-applet < 1.4.6-r1 >= 1.4.6-r1

Impact

===== A local attacker could bypass security restrictions at the login screen to access local files.

Workaround

There is no known workaround at this time.