This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Ubuntu First view 2009-03-04
Product Ubuntu Linux Last view 2009-09-17
Version 8.10 Type Os
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:ubuntu:ubuntu_linux

Activity : Overall

Related : CVE

  Date Alert Description
9.3 2009-09-17 CVE-2009-3232

pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.

6.2 2009-03-04 CVE-2009-0578

GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.

4.6 2009-03-04 CVE-2009-0365

nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.

CWE : Common Weakness Enumeration

%idName
66% (2) CWE-264 Permissions, Privileges, and Access Controls
33% (1) CWE-287 Improper Authentication

CAPEC : Common Attack Pattern Enumeration & Classification

id Name
CAPEC-22 Exploiting Trust in Client (aka Make the Client Invisible)
CAPEC-57 Utilizing REST's Trust in the System Resource to Register Man in the Middle
CAPEC-94 Man in the Middle Attack
CAPEC-114 Authentication Abuse

Open Source Vulnerability Database (OSVDB)

id Description
57908 pam-auth-update on Ubuntu Linux Authentication Bypass
53654 GNOME NetworkManager dbus Multiple Arbitrary Network Connection Manipulation
53653 GNOME NetworkManager nm-applet.conf dbus Request Handler GetSecrets Method Lo...

OpenVAS Exploits

id Description
2011-08-09 Name : CentOS Update for NetworkManager CESA-2009:0361 centos5 i386
File : nvt/gb_CESA-2009_0361_NetworkManager_centos5_i386.nasl
2011-08-09 Name : CentOS Update for NetworkManager CESA-2009:0362 centos4 i386
File : nvt/gb_CESA-2009_0362_NetworkManager_centos4_i386.nasl
2009-12-30 Name : Debian Security Advisory DSA 1955-1 (network-manager/network-manager-applet)
File : nvt/deb_1955_1.nasl
2009-10-13 Name : SLES10: Security update for NetworkManager
File : nvt/sles10_NetworkManager.nasl
2009-10-13 Name : SLES10: Security update for NetworkManager-gnome
File : nvt/sles10_NetworkManager-0.nasl
2009-10-13 Name : SLES10: Security update for knetworkmanager
File : nvt/sles10_NetworkManager-.nasl
2009-10-11 Name : SLES11: Security update for NetworkManager
File : nvt/sles11_NetworkManager.nasl
2009-09-15 Name : Ubuntu USN-828-1 (pam)
File : nvt/ubuntu_828_1.nasl
2009-05-25 Name : CentOS Security Advisory CESA-2009:0362 (NetworkManager)
File : nvt/ovcesa2009_0362.nasl
2009-04-28 Name : SuSE Security Summary SUSE-SR:2009:009
File : nvt/suse_sr_2009_009.nasl
2009-04-15 Name : CentOS Security Advisory CESA-2009:0361 (NetworkManager)
File : nvt/ovcesa2009_0361.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0362
File : nvt/RHSA_2009_0362.nasl
2009-03-31 Name : RedHat Security Advisory RHSA-2009:0361
File : nvt/RHSA_2009_0361.nasl
2009-03-20 Name : SuSE Security Advisory SUSE-SA:2009:013 (dbus-1, hal, NetworkManager, Package...
File : nvt/suse_sa_2009_013.nasl
2009-03-13 Name : Fedora Core 9 FEDORA-2009-2420 (NetworkManager)
File : nvt/fcore_2009_2420.nasl
2009-03-13 Name : Fedora Core 10 FEDORA-2009-2419 (knetworkmanager)
File : nvt/fcore_2009_2419.nasl
2009-03-07 Name : Ubuntu USN-726-1 (curl)
File : nvt/ubuntu_726_1.nasl
2009-03-07 Name : Ubuntu USN-727-1 (network-manager-applet)
File : nvt/ubuntu_727_1.nasl
2009-03-07 Name : Ubuntu USN-727-2 (network-manager)
File : nvt/ubuntu_727_2.nasl

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0361.nasl - Type: ACT_GATHER_INFO
2013-07-12 Name: The remote Oracle Linux host is missing one or more security updates.
File: oraclelinux_ELSA-2009-0362.nasl - Type: ACT_GATHER_INFO
2012-08-01 Name: The remote Scientific Linux host is missing one or more security updates.
File: sl_20090325_NetworkManager_on_SL4_x.nasl - Type: ACT_GATHER_INFO
2010-02-24 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-1955.nasl - Type: ACT_GATHER_INFO
2010-01-06 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-0361.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_NetworkManager-kde-6026.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_NetworkManager-gnome-6028.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 10 host is missing a security-related patch.
File: suse_NetworkManager-6027.nasl - Type: ACT_GATHER_INFO
2009-09-24 Name: The remote SuSE 11 host is missing one or more security updates.
File: suse_11_NetworkManager-090402.nasl - Type: ACT_GATHER_INFO
2009-09-15 Name: The remote system has an authentication bypass vulnerability.
File: account_root_randpw.nasl - Type: ACT_GATHER_INFO
2009-09-09 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-828-1.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_NetworkManager-gnome-090226.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_NetworkManager-kde-090226.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_ModemManager-090226.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_NetworkManager-090402.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_NetworkManager-gnome-090226.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_NetworkManager-kde-090226.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_1_cnetworkmanager-090305.nasl - Type: ACT_GATHER_INFO
2009-07-21 Name: The remote openSUSE host is missing a security update.
File: suse_11_0_ModemManager-090226.nasl - Type: ACT_GATHER_INFO
2009-05-26 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2009-0362.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2009-2419.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing a security-related patch.
File: ubuntu_USN-727-1.nasl - Type: ACT_GATHER_INFO
2009-04-23 Name: The remote Ubuntu host is missing one or more security-related patches.
File: ubuntu_USN-727-2.nasl - Type: ACT_GATHER_INFO
2009-03-27 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2009-0361.nasl - Type: ACT_GATHER_INFO
2009-03-27 Name: The remote Red Hat host is missing one or more security updates.
File: redhat-RHSA-2009-0362.nasl - Type: ACT_GATHER_INFO