It was discovered that consolehelper configuration files (/etc/security/console.apps/system-config-network*) as shipped in Fedora 8 system-config-network packages allowed any local console user to start system-config-network configuration program with root privileges by providing only user password, not administrator password. This allows any user with local console access to change network configuration of the host. Configuration file did not include USER=root directive and tried to include file config-util, which does not exist on Fedora 8 and is only provided by usermode package in Fedora 9. Without USER= specification, consolehelper prompted user for user password instead of intended root password.
This issue did not affect other Fedora versions or system-config-network in Red Hat Enterprise Linux 4 and 5 and redhat-config-network in Red Hat Enterprise Linux 2.1 and 3.
system-config-network-1.5.10-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-4633