Red Hat Bugzilla – Bug 546117
CVE-2009-4145 NetworkManager: information disclosure by nm-connection-editor
Last modified: 2010-02-16 10:50:38 EST
+++ This bug was initially created as a clone of Bug #546115 +++
nm-connection-editor may inadvertently publish network configuration settings over D-Bus when a user changes those settings using the connection editor. D-Bus gives all clients a bus name (usually 1:XXX where XXX is an ever-increasing number) whenever the client connects to the bus. Even though this client is not exporting a /named/ service, it is still on the bus and if the client exports an object (even inadvertently, without registering a well-known bus name) signals emitted by that object will also be proxied onto the bus.
nm-connection-editor inadvertently exported connection objects on the bus, and when a user changes those connections through the connection editor GUI, the editor may emit a summary of those changes onto the bus, leading to the information disclosure.
1) start 'dbus-monitor --system' in a terminal
2) run nm-connection-editor
3) edit a connection that has secrets, like a protected wifi network
4) Upon clicking the "Apply" button, check the dbus-monitor terminal window; the wifi network password may have been emitted as part of the "Updated" signal for that connection
This is only a problem for NM 0.7.x present in Fedora <= 11 and RHEL5. The problem has been long corrected in NM 0.8 (F12+). Upstream commit to 0.7.x fixing this problem is here:
which fixes a small bug in the previous commit.
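To confirm that an updated build no longer broadcasts secrets, the check from the reproduction steps above can be automated over a saved `dbus-monitor --system` capture. This is an added example, not code from the bug report or from NetworkManager; the list of secret key names, the `org.example` paths and the sample capture are constructed assumptions.

```python
import re

# Assumption: key names NetworkManager uses for secrets; extend for your setup.
SECRET_KEYS = {"psk", "wep-key0", "wep-key1", "wep-key2", "wep-key3",
               "leap-password", "password", "private-key-password"}

HEADER = re.compile(r"^(signal|method call|method return|error)\b.*?sender=(\S+)")
MEMBER = re.compile(r"member=(\w+)")
PATH = re.compile(r"path=([^;\s]+)")
KEY = re.compile(r'^\s*string "(.*)"\s*$')  # dict keys; values sit on "variant" lines

# Constructed capture (not real output): one signal that leaks, one that does not.
SAMPLE = '''\
signal sender=:1.57 -> dest=(null destination) serial=9 path=/org/example/Settings/0; interface=org.example.Settings.Connection; member=Updated
   array [
      dict entry(
         string "802-11-wireless-security"
         array [
            dict entry(
               string "psk"
               variant                   string "constructed-placeholder"
            )
         ]
      )
   ]
signal sender=:1.3 -> dest=(null destination) serial=40 path=/org/example/Manager; interface=org.example.Manager; member=StateChanged
   uint32 3
'''

def find_leaks(capture, member="Updated"):
    """Return (sender, path, key) per secret key name seen in a `member` signal.
    Secret values are never collected, so the result is safe to log."""
    leaks, current = [], None
    for line in capture.splitlines():
        head = HEADER.match(line)
        if head:  # new message: track it only if it is the signal we audit
            m, p = MEMBER.search(line), PATH.search(line)
            wanted = head.group(1) == "signal" and m and m.group(1) == member
            current = (head.group(2), p.group(1) if p else "?") if wanted else None
        elif current:
            k = KEY.match(line)
            if k and k.group(1) in SECRET_KEYS:
                leaks.append(current + (k.group(1),))
    return leaks

if __name__ == "__main__":
    for sender, path, key in find_leaks(SAMPLE):
        print(f"secret key {key!r} broadcast by {sender} on {path}")
```

An empty result for a capture taken while applying a change to a protected connection indicates the "Updated" signal no longer carries secret keys.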
NetworkManager-0.7.2-2.git20091223.fc11 has been submitted as an update for Fedora 11.
NetworkManager-0.7.2-2.git20091223.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 5
Via RHSA-2010:0108 https://rhn.redhat.com/errata/RHSA-2010-0108.html