The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
References
Link | Resource |
---|---|
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6 | Patch Third Party Advisory |
http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061329.html | Third Party Advisory |
http://www.openwall.com/lists/oss-security/2011/05/31/6 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2011/05/31/7 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=708876 | Issue Tracking Patch Third Party Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/68057 | Third Party Advisory VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2011-06-14T17:00:00
Updated: 2017-08-16T14:57:01
Reserved: 2011-05-09T00:00:00
Link: CVE-2011-1943
JSON object: View
NVD Information
Status : Analyzed
Published: 2011-06-14T17:55:05.423
Modified: 2021-11-02T17:16:36.893
Link: CVE-2011-1943
JSON object: View
Redhat Information
No data.
CWE