CVE-2011-2176 : GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local user

GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.

Published 2011-09-02 23:55:05

Updated 2012-01-19 03:57:47

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2011-2176

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2011-2176

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
2.1	LOW	AV:L/AC:L/Au:N/C:N/I:P/A:N	3.9	2.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2011-2176

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-2176

http://www.mandriva.com/security/advisories?name=MDVSA-2011:171

mandriva.com

CVEs referencing this url
http://securitytracker.com/id?1025711

GNOME NetworkManager Lets Local Users Bypass PolicyKit Settings - SecurityTracker
https://bugzilla.redhat.com/show_bug.cgi?id=709662

709662 – (CVE-2011-2176) CVE-2011-2176 NetworkManager: Did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
http://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?h=NM_0_8
http://www.redhat.com/support/errata/RHSA-2011-0930.html

Support
http://lists.fedoraproject.org/pipermail/package-announce/2011-August/063665.html

[SECURITY] Fedora 14 Update: NetworkManager-0.8.4-2.git20110622.fc14

Products affected by CVE-2011-2176

Gnome » Networkmanager
Versions up to, including, (<=) 0.8.4
cpe:2.3:a:gnome:networkmanager:*:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.7.2
cpe:2.3:a:gnome:networkmanager:0.7.2:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.6.2
cpe:2.3:a:gnome:networkmanager:0.6.2:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.6.1
cpe:2.3:a:gnome:networkmanager:0.6.1:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.2.0
cpe:2.3:a:gnome:networkmanager:0.2.0:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.7.1
cpe:2.3:a:gnome:networkmanager:0.7.1:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.5.0
cpe:2.3:a:gnome:networkmanager:0.5.0:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.4.1
cpe:2.3:a:gnome:networkmanager:0.4.1:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.8.2
cpe:2.3:a:gnome:networkmanager:0.8.2:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.8.1
cpe:2.3:a:gnome:networkmanager:0.8.1:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.6.0
cpe:2.3:a:gnome:networkmanager:0.6.0:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.5.1
cpe:2.3:a:gnome:networkmanager:0.5.1:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.7.0
cpe:2.3:a:gnome:networkmanager:0.7.0:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.6.6
cpe:2.3:a:gnome:networkmanager:0.6.6:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.3.1
cpe:2.3:a:gnome:networkmanager:0.3.1:*:*:*:*:*:*:*
Matching versions
Gnome » Networkmanager » Version: 0.3.0
cpe:2.3:a:gnome:networkmanager:0.3.0:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2011-2176

Exploit prediction scoring system (EPSS) score for CVE-2011-2176

CVSS scores for CVE-2011-2176

CWE ids for CVE-2011-2176

References for CVE-2011-2176

Products affected by CVE-2011-2176