CVE-2011-3364

Description

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

Risk Information

Base Score: 7.8 MODERATE
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 0.087

Associated Vulnerability

Vulnerability | OS Platform
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-0.8.1-9.el6_1.3.i686.rpm | Linux
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-0.8.1-9.el6_1.3.x86_64.rpm | Linux
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-devel-0.8.1-9.el6_1.3.i686.rpm | Linux
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-devel-0.8.1-9.el6_1.3.x86_64.rpm | Linux
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-glib-0.8.1-9.el6_1.3.i686.rpm | Linux
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-glib-0.8.1-9.el6_1.3.x86_64.rpm | Linux
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-glib-devel-0.8.1-9.el6_1.3.i686.rpm | Linux
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-glib-devel-0.8.1-9.el6_1.3.x86_64.rpm | Linux
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-gnome-0.8.1-9.el6_1.3.i686.rpm | Linux
(RHSA-2011:1338) Moderate: NetworkManager security update NetworkManager-gnome-0.8.1-9.el6_1.3.x86_64.rpm | Linux
Libnl3-cli update (ELSA-2017-2299) libnl3-cli-3.2.28-4.el7.x86_64.rpm | Linux
Libnl3 update (ELSA-2017-2299) libnl3-3.2.28-4.el7.i686.rpm | Linux
NetworkManager-libreswan update (ELSA-2017-2299) NetworkManager-libreswan-1.2.4-2.el7.x86_64.rpm | Linux
NetworkManager-libreswan-gnome update (ELSA-2017-2299) NetworkManager-libreswan-gnome-1.2.4-2.el7.x86_64.rpm | Linux
Libnl3 update (ELSA-2017-2299) libnl3-3.2.28-4.el7.x86_64.rpm | Linux
Libnl3-cli update (ELSA-2017-2299) libnl3-cli-3.2.28-4.el7.i686.rpm | Linux
NetworkManager-config-connectivity-oracle update (ELSA-2025-20113) NetworkManager-config-connectivity-oracle-1.40.16-18.0.3.el8_10.noarch.rpm | Linux
NetworkManager-cloud-setup update (ELSA-2025-20113) NetworkManager-cloud-setup-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-bluetooth update (ELSA-2025-20113) NetworkManager-bluetooth-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-adsl update (ELSA-2025-20113) NetworkManager-adsl-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager update (ELSA-2025-20113) NetworkManager-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-config-server update (ELSA-2025-20113) NetworkManager-config-server-1.40.16-18.0.3.el8_10.noarch.rpm | Linux
NetworkManager-dispatcher-routing-rules update (ELSA-2025-20113) NetworkManager-dispatcher-routing-rules-1.40.16-18.0.3.el8_10.noarch.rpm | Linux
NetworkManager-initscripts-updown update (ELSA-2025-20113) NetworkManager-initscripts-updown-1.40.16-18.0.3.el8_10.noarch.rpm | Linux
NetworkManager-libnm update (ELSA-2025-20113) NetworkManager-libnm-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-ovs update (ELSA-2025-20113) NetworkManager-ovs-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-ppp update (ELSA-2025-20113) NetworkManager-ppp-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-team update (ELSA-2025-20113) NetworkManager-team-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-tui update (ELSA-2025-20113) NetworkManager-tui-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-wifi update (ELSA-2025-20113) NetworkManager-wifi-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-wwan update (ELSA-2025-20113) NetworkManager-wwan-1.40.16-18.0.3.el8_10.x86_64.rpm | Linux
NetworkManager-libnm update (ELSA-2025-20113) NetworkManager-libnm-1.40.16-18.0.3.el8_10.i686.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234