2.1 CVE-2011-1943

Patch

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
https://nvd.nist.gov/vuln/detail/CVE-2011-1943

Categories

CWE-532 : Insertion of Sensitive Information into Log File
Information written to log files can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Consider seriously the sensitivity of the information written into log files. Do not write secrets into the log files. Remove debug log files before deploying the application into production. Protect log files against unauthorized read/write. Adjust configurations appropriately when software is transitioned from a debug state to production. verbose logging stores admin credentials in a world-readable log file SSH password for private key stored in build log

References

CONFIRM Patch

https://bugzilla.redhat.com/show_bug.cgi?id=708876 Issue Tracking Patch Third Party Advisory
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6 Patch Third Party Advisory

FEDORA

FEDORA-2011-7919 Third Party Advisory

XF

networkmanager-secret-info-disclosure(68057) Third Party Advisory VDB Entry

_MLIST

[oss-security] 20110531 Re: CVE request: NetworkManager-openvpn logs cert password Mailing List Third Party Advisory
[oss-security] 20110531 CVE request: NetworkManager-openvpn logs cert password Mailing List Third Party Advisory

CPE

ProHacktive is continuously improving the CVE entries in Nist to avoid false positives. This CVE has been modified and you will find an in front of each modified CPE.

cpe	start	end
Configuration 1
cpe:2.3:a:gnome:networkmanager::::::::		< 0.8.9997
Configuration 2
cpe:2.3:o:fedoraproject:fedora:15:::::::*

REMEDIATION

Patch

Url
https://bugzilla.redhat.com/show_bug.cgi?id=708876
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=78ce088843d59d4494965bfc40b30a2e63d065f6

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

Other (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
215	Fuzzing for application mapping An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. [Observe communication and inputs] The fuzzing adversary observes the target system looking for inputs and communications between modules, subsystems, or systems. [Generate fuzzed inputs] Given a fuzzing tool, a target input or protocol, and limits on time, complexity, and input variety, generate a list of inputs to try. Although fuzzing is random, it is not exhaustive. Parameters like length, composition, and how many variations to try are important to get the most cost-effective impact from the fuzzer. [Observe the outcome] Observe the outputs to the inputs fed into the system by fuzzers and see if there are any log or error messages that might provide information to map the application [Craft exploit payloads] An adversary usually needs to modify the fuzzing parameters according to the observed error messages to get the desired sensitive information for the application. To defeat correlation, the adversary may try changing the origin IP addresses or client browser identification strings or start a new session from where they left off in obfuscating the attack.	Low

MITRE

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution