Description
Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.
References (5)
Core 5
Core References
Exploit x_refsource_misc
http://xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.html
Exploit, Patch x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=737338
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:171
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1338.html
Scores
EPSS
0.0009
EPSS Percentile
24.7%
Details
Status
published
Products (1)
gnome/ifcfg-rh_plug-in
Published
Nov 04, 2011
Tracked Since
Feb 18, 2026