Executive Summary

Informations
Name CVE-2011-3364 First vendor Publication 2011-11-04
Vendor Cve Last vendor Modification 2012-01-19

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 6.9 Attack Range Local
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 3.4 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3364

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:21932
 
Oval ID: oval:org.mitre.oval:def:21932
Title: RHSA-2011:1338: NetworkManager security update (Moderate)
Description: Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
Family: unix Class: patch
Reference(s): RHSA-2011:1338-01
CVE-2011-3364
 Version: 4
Platform(s): Red Hat Enterprise Linux 6
 Product(s): NetworkManager
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23284
 
Oval ID: oval:org.mitre.oval:def:23284
Title: ELSA-2011:1338: NetworkManager security update (Moderate)
Description: Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
Family: unix Class: patch
Reference(s): ELSA-2011:1338-01
CVE-2011-3364
 Version: 6
Platform(s): Oracle Linux 6
 Product(s): NetworkManager
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27819
 
Oval ID: oval:org.mitre.oval:def:27819
Title: DEPRECATED: ELSA-2011-1338 -- NetworkManager security update (moderate)
Description: [0.8.1-9_el6_1.3] - ifcfg-rh: CVE-2011-3364: filter newline characters when writing into ifcfg-* files (rh #737338) [0.8.1-9_el6_1.2] - ifcfg-rh: CVE-2011-3364: filter newline characters when writing into ifcfg-* files (rh #737338)
Family: unix Class: patch
Reference(s): ELSA-2011-1338
CVE-2011-3364
 Version: 4
Platform(s): Oracle Linux 6
 Product(s): NetworkManager
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2012-07-09 Name : RedHat Update for NetworkManager RHSA-2011:1338-01
File : nvt/gb_RHSA-2011_1338-01_NetworkManager.nasl
2012-04-02 Name : Fedora Update for NetworkManager FEDORA-2011-13425
File : nvt/gb_fedora_2011_13425_NetworkManager_fc16.nasl
2011-10-10 Name : Fedora Update for NetworkManager FEDORA-2011-13401
File : nvt/gb_fedora_2011_13401_NetworkManager_fc14.nasl
2011-09-30 Name : Fedora Update for NetworkManager FEDORA-2011-13388
File : nvt/gb_fedora_2011_13388_NetworkManager_fc15.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
77041 GNOME NetworkManager ifcfg-rh Plugin settings/plugins/ifcfg-rh/shvar.c svEsca...

Nessus® Vulnerability Scanner

Date Description
2013-07-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1338.nasl - Type : ACT_GATHER_INFO
2012-09-06 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-171.nasl - Type : ACT_GATHER_INFO
2012-08-01 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20110926_NetworkManager_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2011-10-10 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13401.nasl - Type : ACT_GATHER_INFO
2011-10-03 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13425.nasl - Type : ACT_GATHER_INFO
2011-09-30 Name : The remote Fedora host is missing a security update.
File : fedora_2011-13388.nasl - Type : ACT_GATHER_INFO
2011-09-27 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1338.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2011-September/0668...
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:171
MISC http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local...
https://bugzilla.redhat.com/show_bug.cgi?id=737338
REDHAT http://www.redhat.com/support/errata/RHSA-2011-1338.html

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
Date Informations
2021-05-04 12:17:31
  • Multiple Updates
2021-04-22 01:20:51
  • Multiple Updates
2020-05-23 00:31:05
  • Multiple Updates
2016-06-29 00:22:34
  • Multiple Updates
2014-02-17 11:05:04
  • Multiple Updates
2013-05-10 23:07:14
  • Multiple Updates