Auth bypass in Gnome Networkmanager

CVE-2011-2176

GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.

Vulnerability class: Broken Authentication

EPSS: 0.001 (17.3th percentile) — read the EPSS interpretation.

Affected products

Gnome Networkmanager — versions 0.2.0, 0.3.0, 0.3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-287 — Improper Authentication

References

secalert@redhat.com (x_refsource_CONFIRM)
1025711 (vdb-entry, x_refsource_SECTRACK)
FEDORA-2011-8612 (x_refsource_FEDORA, vendor-advisory)
RHSA-2011:0930 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
MDVSA-2011:171 (vendor-advisory, x_refsource_MANDRIVA)
44858 (x_refsource_SECUNIA, third-party-advisory)