Vulnerabilities > CVE-2011-1943 - Information Exposure Through Log Files vulnerability in multiple products

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
local
low complexity
gnome
fedoraproject
CWE-532
nessus
NVD
Published: 2011-06-14
Updated: 2021-11-02

Summary

The destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.

Vulnerable Configurations

Part Description Count
Application
Gnome
52
OS
Fedoraproject
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Fuzzing and observing application log data/errors for application mapping
    An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes the application's log or error messages returned. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to observe the application's log and error messages, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. By observing logs and error messages, the attacker can learn details about the configuration of the target application and might be able to cause the target to disclose sensitive information.

Nessus

NASL familyFedora Local Security Checks
NASL idFEDORA_2011-7919.NASL
descriptionThis update includes no changes to NetworkManager but ensures that the latest update is installed to fix a security issue in NetworkManager-0.8.999-3.git20110526. This issue was previously fixed in NetworkManager-0.8.9997-1.git20110531.fc15 but was not marked as a security update. NetworkManager-0.8.999-3.git20110526 inadvertently included a piece of debugging code that may have logged some VPN passwords to syslog. That version was available as an update for five (5) days before the fixed version was available. Users are advised to inspect log files in /var/log (and any backups) for VPN passwords and remove any that are found. The string
last seen2020-06-01
modified2020-06-02
plugin id55061
published2011-06-12
reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/55061
titleFedora 15 : NetworkManager-0.8.9997-2.git20110531.fc15 (2011-7919)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Fedora Security Advisory 2011-7919.
#

include("compat.inc");

if (description)
{
  script_id(55061);
  script_version("1.8");
  script_cvs_date("Date: 2019/08/02 13:32:35");

  script_cve_id("CVE-2011-1943");
  script_xref(name:"FEDORA", value:"2011-7919");

  script_name(english:"Fedora 15 : NetworkManager-0.8.9997-2.git20110531.fc15 (2011-7919)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Fedora host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update includes no changes to NetworkManager but ensures that the
latest update is installed to fix a security issue in
NetworkManager-0.8.999-3.git20110526. This issue was previously fixed
in NetworkManager-0.8.9997-1.git20110531.fc15 but was not marked as a
security update.

NetworkManager-0.8.999-3.git20110526 inadvertently included a piece of
debugging code that may have logged some VPN passwords to syslog. That
version was available as an update for five (5) days before the fixed
version was available. Users are advised to inspect log files in
/var/log (and any backups) for VPN passwords and remove any that are
found. The string 'destroy_one_secret' may be used to identify files
to be cleaned, such as by using the following command: 'grep -riI
'destroy_one_secret' /var/log'.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.redhat.com/show_bug.cgi?id=708876"
  );
  # https://lists.fedoraproject.org/pipermail/package-announce/2011-June/061329.html
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?7e2a4836"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected NetworkManager package."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:NetworkManager");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/06/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2011/06/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC15", reference:"NetworkManager-0.8.9997-2.git20110531.fc15")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "NetworkManager");
}

References