cvelistv5 - cve-2017-6590

CVE-2017-6590 (GCVE-0-2017-6590)

Vulnerability from cvelistv5 – Published: 2017-03-09 19:00 – Updated: 2024-08-05 15:33

Summary

An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

OPENSUSE-SU-2024:10603-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

NetworkManager-applet-1.24.0-1.2 on GA media

Notes

Title of the patch

NetworkManager-applet-1.24.0-1.2 on GA media

Description of the patch

These are all security issues fixed in the NetworkManager-applet-1.24.0-1.2 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10603

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "NetworkManager-applet-1.24.0-1.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the NetworkManager-applet-1.24.0-1.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10603",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10603-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-6590 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-6590/"
      }
    ],
    "title": "NetworkManager-applet-1.24.0-1.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10603-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "NetworkManager-applet-1.24.0-1.2.aarch64",
                "product": {
                  "name": "NetworkManager-applet-1.24.0-1.2.aarch64",
                  "product_id": "NetworkManager-applet-1.24.0-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "NetworkManager-applet-lang-1.24.0-1.2.aarch64",
                "product": {
                  "name": "NetworkManager-applet-lang-1.24.0-1.2.aarch64",
                  "product_id": "NetworkManager-applet-lang-1.24.0-1.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "NetworkManager-connection-editor-1.24.0-1.2.aarch64",
                "product": {
                  "name": "NetworkManager-connection-editor-1.24.0-1.2.aarch64",
                  "product_id": "NetworkManager-connection-editor-1.24.0-1.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "NetworkManager-applet-1.24.0-1.2.ppc64le",
                "product": {
                  "name": "NetworkManager-applet-1.24.0-1.2.ppc64le",
                  "product_id": "NetworkManager-applet-1.24.0-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
                "product": {
                  "name": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
                  "product_id": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
                "product": {
                  "name": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
                  "product_id": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "NetworkManager-applet-1.24.0-1.2.s390x",
                "product": {
                  "name": "NetworkManager-applet-1.24.0-1.2.s390x",
                  "product_id": "NetworkManager-applet-1.24.0-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "NetworkManager-applet-lang-1.24.0-1.2.s390x",
                "product": {
                  "name": "NetworkManager-applet-lang-1.24.0-1.2.s390x",
                  "product_id": "NetworkManager-applet-lang-1.24.0-1.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "NetworkManager-connection-editor-1.24.0-1.2.s390x",
                "product": {
                  "name": "NetworkManager-connection-editor-1.24.0-1.2.s390x",
                  "product_id": "NetworkManager-connection-editor-1.24.0-1.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "NetworkManager-applet-1.24.0-1.2.x86_64",
                "product": {
                  "name": "NetworkManager-applet-1.24.0-1.2.x86_64",
                  "product_id": "NetworkManager-applet-1.24.0-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "NetworkManager-applet-lang-1.24.0-1.2.x86_64",
                "product": {
                  "name": "NetworkManager-applet-lang-1.24.0-1.2.x86_64",
                  "product_id": "NetworkManager-applet-lang-1.24.0-1.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "NetworkManager-connection-editor-1.24.0-1.2.x86_64",
                "product": {
                  "name": "NetworkManager-connection-editor-1.24.0-1.2.x86_64",
                  "product_id": "NetworkManager-connection-editor-1.24.0-1.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-applet-1.24.0-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.aarch64"
        },
        "product_reference": "NetworkManager-applet-1.24.0-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-applet-1.24.0-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.ppc64le"
        },
        "product_reference": "NetworkManager-applet-1.24.0-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-applet-1.24.0-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.s390x"
        },
        "product_reference": "NetworkManager-applet-1.24.0-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-applet-1.24.0-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.x86_64"
        },
        "product_reference": "NetworkManager-applet-1.24.0-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-applet-lang-1.24.0-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.aarch64"
        },
        "product_reference": "NetworkManager-applet-lang-1.24.0-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.ppc64le"
        },
        "product_reference": "NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-applet-lang-1.24.0-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.s390x"
        },
        "product_reference": "NetworkManager-applet-lang-1.24.0-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-applet-lang-1.24.0-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.x86_64"
        },
        "product_reference": "NetworkManager-applet-lang-1.24.0-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-connection-editor-1.24.0-1.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.aarch64"
        },
        "product_reference": "NetworkManager-connection-editor-1.24.0-1.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.ppc64le"
        },
        "product_reference": "NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-connection-editor-1.24.0-1.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.s390x"
        },
        "product_reference": "NetworkManager-connection-editor-1.24.0-1.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "NetworkManager-connection-editor-1.24.0-1.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.x86_64"
        },
        "product_reference": "NetworkManager-connection-editor-1.24.0-1.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-6590",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-6590"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.aarch64",
          "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.ppc64le",
          "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.s390x",
          "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.x86_64",
          "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.aarch64",
          "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
          "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.s390x",
          "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.x86_64",
          "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.aarch64",
          "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
          "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.s390x",
          "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-6590",
          "url": "https://www.suse.com/security/cve/CVE-2017-6590"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1028792 for CVE-2017-6590",
          "url": "https://bugzilla.suse.com/1028792"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.aarch64",
            "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.ppc64le",
            "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.s390x",
            "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.x86_64",
            "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.aarch64",
            "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
            "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.s390x",
            "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.x86_64",
            "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.aarch64",
            "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
            "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.s390x",
            "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.aarch64",
            "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.ppc64le",
            "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.s390x",
            "openSUSE Tumbleweed:NetworkManager-applet-1.24.0-1.2.x86_64",
            "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.aarch64",
            "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.ppc64le",
            "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.s390x",
            "openSUSE Tumbleweed:NetworkManager-applet-lang-1.24.0-1.2.x86_64",
            "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.aarch64",
            "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.ppc64le",
            "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.s390x",
            "openSUSE Tumbleweed:NetworkManager-connection-editor-1.24.0-1.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-6590"
    }
  ]
}

GSD-2017-6590

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2017-6590

Aliases

CVE-2017-6590

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-6590",
    "description": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",
    "id": "GSD-2017-6590",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-6590.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-6590"
      ],
      "details": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",
      "id": "GSD-2017-6590",
      "modified": "2023-12-13T01:21:10.237382Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2017-6590",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.ubuntu.com/usn/usn-3217-1/",
            "refsource": "CONFIRM",
            "url": "https://www.ubuntu.com/usn/usn-3217-1/"
          },
          {
            "name": "GLSA-201707-09",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201707-09"
          },
          {
            "name": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321",
            "refsource": "CONFIRM",
            "url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
          },
          {
            "name": "https://www.youtube.com/watch?v=Fp2lwRVg0l0",
            "refsource": "MISC",
            "url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
          },
          {
            "name": "1037977",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1037977"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-6590"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-863"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.youtube.com/watch?v=Fp2lwRVg0l0",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
            },
            {
              "name": "https://www.ubuntu.com/usn/usn-3217-1/",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://www.ubuntu.com/usn/usn-3217-1/"
            },
            {
              "name": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
            },
            {
              "name": "GLSA-201707-09",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201707-09"
            },
            {
              "name": "1037977",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1037977"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "PHYSICAL",
            "availabilityImpact": "HIGH",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 0.4,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2019-10-03T00:03Z",
      "publishedDate": "2017-03-09T19:59Z"
    }
  }
}

CNVD-2017-03198

Vulnerability from cnvd - Published: 2017-03-22

Title

Ubuntu存在本地漏洞

Description

Ubuntu是英国科能（Canonical）公司和Ubuntu基金会共同开发的一套以桌面应用为主的GNU/Linux操作系统。 Ubuntu 12.04 LTS，14.04 LTS，16.04 LTS和16.10中的network-manager-applet（又名network-manager-gnome）存在安全漏洞。本地攻击者可以在默认的Ubuntu登录屏幕上使用此漏洞来访问本地文件，并执行任意命令作为lightdm用户。

Severity

中

Patch Name

Ubuntu存在本地漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，详情请关注厂商主页: https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321

Reference

https://www.ubuntu.com/usn/usn-3217-1/

Impacted products

Name
['Ubuntu Ubuntu Linux 16.04 LTS', 'Ubuntu Ubuntu Linux 16.10', 'Ubuntu Ubuntu Linux 14.04 LTS', 'Ubuntu Ubuntu Linux 12.04 LTS']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6590",
      "cveUrl": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6590"
    }
  },
  "description": "Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u57fa\u91d1\u4f1a\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nUbuntu 12.04 LTS\uff0c14.04 LTS\uff0c16.04 LTS\u548c16.10\u4e2d\u7684network-manager-applet\uff08\u53c8\u540dnetwork-manager-gnome\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u9ed8\u8ba4\u7684Ubuntu\u767b\u5f55\u5c4f\u5e55\u4e0a\u4f7f\u7528\u6b64\u6f0f\u6d1e\u6765\u8bbf\u95ee\u672c\u5730\u6587\u4ef6\uff0c\u5e76\u6267\u884c\u4efb\u610f\u547d\u4ee4\u4f5c\u4e3alightdm\u7528\u6237\u3002",
  "discovererName": "BIGUENET Quentin",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875:\r\nhttps://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-03198",
  "openTime": "2017-03-22",
  "patchDescription": "Ubuntu\u662f\u82f1\u56fd\u79d1\u80fd\uff08Canonical\uff09\u516c\u53f8\u548cUbuntu\u57fa\u91d1\u4f1a\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5\u684c\u9762\u5e94\u7528\u4e3a\u4e3b\u7684GNU/Linux\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nUbuntu 12.04 LTS\uff0c14.04 LTS\uff0c16.04 LTS\u548c16.10\u4e2d\u7684network-manager-applet\uff08\u53c8\u540dnetwork-manager-gnome\uff09\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u4ee5\u5728\u9ed8\u8ba4\u7684Ubuntu\u767b\u5f55\u5c4f\u5e55\u4e0a\u4f7f\u7528\u6b64\u6f0f\u6d1e\u6765\u8bbf\u95ee\u672c\u5730\u6587\u4ef6\uff0c\u5e76\u6267\u884c\u4efb\u610f\u547d\u4ee4\u4f5c\u4e3alightdm\u7528\u6237\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Ubuntu\u5b58\u5728\u672c\u5730\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Ubuntu Ubuntu Linux 16.04 LTS",
      "Ubuntu Ubuntu Linux 16.10",
      "Ubuntu Ubuntu Linux 14.04 LTS",
      "Ubuntu Ubuntu Linux 12.04 LTS"
    ]
  },
  "referenceLink": "https://www.ubuntu.com/usn/usn-3217-1/",
  "serverity": "\u4e2d",
  "submitTime": "2017-03-10",
  "title": "Ubuntu\u5b58\u5728\u672c\u5730\u6f0f\u6d1e"
}

WID-SEC-W-2025-0117

Vulnerability from csaf_certbund - Published: 2017-03-07 23:00 - Updated: 2025-01-19 23:00

Summary

Linux Kernel: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Der Kernel stellt den Kern des Linux Betriebssystems dar.

Angriff

Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um administrative Privilegien zu erlangen, einen Denial of Service Angriff durchzuführen oder Sicherheitsmechanismen zu umgehen.

Betroffene Betriebssysteme

- Linux

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein lokaler Angreifer kann mehrere Schwachstellen in Linux Kernel ausnutzen, um administrative Privilegien zu erlangen, einen Denial of Service Angriff durchzuf\u00fchren oder Sicherheitsmechanismen zu umgehen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0117 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2025-0117.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0117 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0117"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3218 vom 2017-03-07",
        "url": "https://www.ubuntu.com/usn/usn-3218-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3219 vom 2017-03-07",
        "url": "https://www.ubuntu.com/usn/usn-3219-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3220 vom 2017-03-07",
        "url": "https://www.ubuntu.com/usn/usn-3220-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3221 vom 2017-03-07",
        "url": "https://www.ubuntu.com/usn/usn-3221-1/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3217 vom 2017-03-07",
        "url": "https://www.ubuntu.com/usn/usn-3217-1/"
      },
      {
        "category": "external",
        "summary": "Meldung auf der oss-sec Mailliste vom 2017-03-07",
        "url": "http://seclists.org/oss-sec/2017/q1/569"
      },
      {
        "category": "external",
        "summary": "Eintrag im Red Hat CVE Database CVE-2017-2336 vom 2017-03-07",
        "url": "https://access.redhat.com/security/cve/CVE-2017-2636"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0864-1 vom 2017-03-30",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170864-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0866-1 vom 2017-03-30",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170866-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0865-1 vom 2017-03-30",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20170865-1.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-3533 vom 2017-04-01",
        "url": "http://linux.oracle.com/errata/ELSA-2017-3533.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-3534 vom 2017-04-01",
        "url": "http://linux.oracle.com/errata/ELSA-2017-3534.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-3535 vom 2017-04-01",
        "url": "http://linux.oracle.com/errata/ELSA-2017-3535.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0913-1 vom 2017-04-03",
        "url": "https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00005.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:0912-1 vom 2017-04-03",
        "url": "https://lists.opensuse.org/opensuse-security-announce/2017-04/msg00004.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:0892 vom 2017-04-11",
        "url": "https://access.redhat.com/errata/RHSA-2017:0892"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-0892 vom 2017-04-11",
        "url": "http://linux.oracle.com/errata/ELSA-2017-0892.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:0933 vom 2017-04-12",
        "url": "https://access.redhat.com/errata/RHSA-2017:0933"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:0931 vom 2017-04-12",
        "url": "https://access.redhat.com/errata/RHSA-2017:0931"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:0932 vom 2017-04-12",
        "url": "https://access.redhat.com/errata/RHSA-2017:0932"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-0933 vom 2017-04-13",
        "url": "http://linux.oracle.com/errata/ELSA-2017-0933.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:0986 vom 2017-04-18",
        "url": "https://access.redhat.com/errata/RHSA-2017:0986"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1126 vom 2017-04-25",
        "url": "https://access.redhat.com/errata/RHSA-2017:1126"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1125 vom 2017-04-25",
        "url": "https://access.redhat.com/errata/RHSA-2017:1125"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K68852819 vom 2017-05-02",
        "url": "https://support.f5.com/csp/article/K68852819"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:1183-1 vom 2017-05-06",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171183-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:1247-1 vom 2017-05-12",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171247-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:1301-1 vom 2017-05-16",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171301-1.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-3567 vom 2017-05-16",
        "url": "http://linux.oracle.com/errata/ELSA-2017-3567.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1233 vom 2017-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2017:1233"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1232 vom 2017-05-16",
        "url": "https://access.redhat.com/errata/RHSA-2017:1232"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:1360-1 vom 2017-05-20",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171360-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:1488 vom 2017-06-19",
        "url": "https://access.redhat.com/errata/RHSA-2017:1488"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:1990-1 vom 2017-07-28",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171990-1.html"
      },
      {
        "category": "external",
        "summary": "RedHat Security Advisory RHSA-2017:2077",
        "url": "https://access.redhat.com/errata/RHSA-2017:2077"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2049-1 vom 2017-08-05",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172049-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2043-1 vom 2017-08-05",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172043-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2060-1 vom 2017-08-07",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172060-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2061-1 vom 2017-08-07",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172061-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2068-1 vom 2017-08-07",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172068-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2067-1 vom 2017-08-07",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172067-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2063-1 vom 2017-08-07",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172063-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2065-1 vom 2017-08-07",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172065-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2062-1 vom 2017-08-07",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172062-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2073-1 vom 2017-08-08",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172073-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2072-1 vom 2017-08-08",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172072-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2095-1 vom 2017-08-09",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172095-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2093-1 vom 2017-08-09",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172093-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2088-1 vom 2017-08-09",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172088-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2092-1 vom 2017-08-09",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172092-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2099-1 vom 2017-08-09",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172099-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2096-1 vom 2017-08-09",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172096-1.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:2444 vom 2017-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2017:2444"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2017:2437 vom 2017-08-08",
        "url": "https://access.redhat.com/errata/RHSA-2017:2437"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-3605 vom 2017-08-17",
        "url": "http://linux.oracle.com/errata/ELSA-2017-3605.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-3606 vom 2017-08-18",
        "url": "http://linux.oracle.com/errata/ELSA-2017-3606.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-3609 vom 2017-08-24",
        "url": "http://linux.oracle.com/errata/ELSA-2017-3609.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2342-1 vom 2017-09-05",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172342-1.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3422-1 vom 2017-09-19",
        "url": "http://www.ubuntu.com/usn/usn-3422-2/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3422-1 vom 2017-09-19",
        "url": "http://www.ubuntu.com/usn/usn-3422-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2017:2525-1 vom 2017-09-19",
        "url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172525-1.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2017-3658 vom 2017-12-08",
        "url": "http://linux.oracle.com/errata/ELSA-2017-3658.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2018-4021 vom 2018-01-28",
        "url": "http://linux.oracle.com/errata/ELSA-2018-4021.html"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K18015201 vom 2018-04-03",
        "url": "https://support.f5.com/csp/article/K18015201"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2018-1854 vom 2018-06-26",
        "url": "http://linux.oracle.com/errata/ELSA-2018-1854.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2025:0152-1 vom 2025-01-17",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2025-January/020152.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Linux Kernel: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-01-19T23:00:00.000+00:00",
      "generator": {
        "date": "2025-01-20T09:28:13.447+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.10"
        }
      },
      "id": "WID-SEC-W-2025-0117",
      "initial_release_date": "2017-03-07T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2017-03-07T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2017-03-07T23:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-03-07T23:00:00.000+00:00",
          "number": "3",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-03-09T23:00:00.000+00:00",
          "number": "4",
          "summary": "CVE added"
        },
        {
          "date": "2017-03-09T23:00:00.000+00:00",
          "number": "5",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-03-09T23:00:00.000+00:00",
          "number": "6",
          "summary": "Added references"
        },
        {
          "date": "2017-04-02T22:00:00.000+00:00",
          "number": "7",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-03T22:00:00.000+00:00",
          "number": "8",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-11T22:00:00.000+00:00",
          "number": "9",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-12T22:00:00.000+00:00",
          "number": "10",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-18T22:00:00.000+00:00",
          "number": "11",
          "summary": "New remediations available"
        },
        {
          "date": "2017-04-25T22:00:00.000+00:00",
          "number": "12",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-01T22:00:00.000+00:00",
          "number": "13",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-07T22:00:00.000+00:00",
          "number": "14",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-11T22:00:00.000+00:00",
          "number": "15",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-15T22:00:00.000+00:00",
          "number": "16",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-16T22:00:00.000+00:00",
          "number": "17",
          "summary": "New remediations available"
        },
        {
          "date": "2017-05-21T22:00:00.000+00:00",
          "number": "18",
          "summary": "New remediations available"
        },
        {
          "date": "2017-06-19T22:00:00.000+00:00",
          "number": "19",
          "summary": "New remediations available"
        },
        {
          "date": "2017-07-09T22:00:00.000+00:00",
          "number": "20",
          "summary": "Added references"
        },
        {
          "date": "2017-08-01T22:00:00.000+00:00",
          "number": "21",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-06T22:00:00.000+00:00",
          "number": "22",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-07T22:00:00.000+00:00",
          "number": "23",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-08T22:00:00.000+00:00",
          "number": "24",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-08T22:00:00.000+00:00",
          "number": "25",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-08T22:00:00.000+00:00",
          "number": "26",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-17T22:00:00.000+00:00",
          "number": "27",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-20T22:00:00.000+00:00",
          "number": "28",
          "summary": "New remediations available"
        },
        {
          "date": "2017-08-23T22:00:00.000+00:00",
          "number": "29",
          "summary": "New remediations available"
        },
        {
          "date": "2017-09-04T22:00:00.000+00:00",
          "number": "30",
          "summary": "New remediations available"
        },
        {
          "date": "2017-09-18T22:00:00.000+00:00",
          "number": "31",
          "summary": "New remediations available"
        },
        {
          "date": "2017-09-19T22:00:00.000+00:00",
          "number": "32",
          "summary": "New remediations available"
        },
        {
          "date": "2017-12-10T23:00:00.000+00:00",
          "number": "33",
          "summary": "New remediations available"
        },
        {
          "date": "2017-12-10T23:00:00.000+00:00",
          "number": "34",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-01-28T23:00:00.000+00:00",
          "number": "35",
          "summary": "New remediations available"
        },
        {
          "date": "2018-04-03T22:00:00.000+00:00",
          "number": "36",
          "summary": "New remediations available"
        },
        {
          "date": "2018-04-03T22:00:00.000+00:00",
          "number": "37",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2018-06-26T22:00:00.000+00:00",
          "number": "38",
          "summary": "New remediations available"
        },
        {
          "date": "2025-01-19T23:00:00.000+00:00",
          "number": "39",
          "summary": "Neue Updates von SUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "39"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "13.0.0",
                "product": {
                  "name": "F5 BIG-IP 13.0.0",
                  "product_id": "T009498",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:big-ip:13.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "BIG-IP"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.1.1",
                "product": {
                  "name": "F5 Enterprise Manager 3.1.1",
                  "product_id": "269870",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:f5:enterprise_manager:3.1.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Manager"
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c4.8.14",
                "product": {
                  "name": "Open Source Linux Kernel \u003c4.8.14",
                  "product_id": "T009131"
                }
              },
              {
                "category": "product_version",
                "name": "4.8.14",
                "product": {
                  "name": "Open Source Linux Kernel 4.8.14",
                  "product_id": "T009131-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:4.8.14"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c4.10.1",
                "product": {
                  "name": "Open Source Linux Kernel \u003c4.10.1",
                  "product_id": "T009484"
                }
              },
              {
                "category": "product_version",
                "name": "4.10.1",
                "product": {
                  "name": "Open Source Linux Kernel 4.10.1",
                  "product_id": "T009484-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:linux:linux_kernel:4.10.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux Kernel"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6",
                "product": {
                  "name": "Red Hat Enterprise Linux 6",
                  "product_id": "120737",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:6"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7",
                "product": {
                  "name": "Red Hat Enterprise Linux 7",
                  "product_id": "T008931",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:v.7.3:aus"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2",
                "product": {
                  "name": "Red Hat Enterprise MRG 2",
                  "product_id": "152304",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_mrg:2.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise MRG"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.04 LTS",
                "product": {
                  "name": "Ubuntu Linux 12.04 LTS",
                  "product_id": "170497",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:12.04:-:lts"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "14.04 LTS",
                "product": {
                  "name": "Ubuntu Linux 14.04 LTS",
                  "product_id": "T003005",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "16.04 LTS",
                "product": {
                  "name": "Ubuntu Linux 16.04 LTS",
                  "product_id": "T007521",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:16.04_lts"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "16.1",
                "product": {
                  "name": "Ubuntu Linux 16.10",
                  "product_id": "T008726",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:canonical:ubuntu_linux:16.10"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Linux"
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-10200",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel im Zusammenhang mit der l2tp_ip6_bind() Funktion in der L2TPv3 IP Encapsulation. Ein lokaler Angreifer kann ein Racecondition ausl\u00f6sen, um dadurch einen Denial of Service Zustand herbeizuf\u00fchren oder um seine Privilegien zu erh\u00f6hen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008931",
          "170497",
          "T007521",
          "T002207",
          "T008726",
          "152304",
          "T003005",
          "120737",
          "T009484",
          "T009131",
          "T004914"
        ]
      },
      "release_date": "2017-03-07T23:00:00.000+00:00",
      "title": "CVE-2016-10200"
    },
    {
      "cve": "CVE-2017-2636",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel im Zusammenhang mit dem N_HLDC Linux kernel Treiber (drivers/tty/n_hdlc.c). Ein lokaler Angreifer kann die Schwachstelle nutzen, um administrative Privilegien erlangen oder einen Denial of Service Angriff durchf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008931",
          "T007521",
          "T008726",
          "T003005",
          "T004914",
          "170497",
          "T002207",
          "152304",
          "120737",
          "T009484",
          "T009131",
          "269870",
          "T009498"
        ]
      },
      "release_date": "2017-03-07T23:00:00.000+00:00",
      "title": "CVE-2017-2636"
    },
    {
      "cve": "CVE-2017-6590",
      "notes": [
        {
          "category": "description",
          "text": "Es existiert eine Schwachstelle im Linux Kernel in Zusammenhang mit dem network-manager-applet in GNOME. Ein Angreifer mit physikalischem Zugang zum System kann diese Schwachstelle nutzen, um Sicherheitsmechanismen zu umgehen und Zugriff auf das lokale Dateisystem eines gesperrten Clients zur erlangen. F\u00fcr einen erfolgreichen Anfgriff muss Wi-fi aktiviert sein."
        }
      ],
      "product_status": {
        "known_affected": [
          "T008931",
          "170497",
          "T007521",
          "T002207",
          "T008726",
          "152304",
          "T003005",
          "120737",
          "T009484",
          "T009131",
          "T004914"
        ]
      },
      "release_date": "2017-03-07T23:00:00.000+00:00",
      "title": "CVE-2017-6590"
    }
  ]
}

FKIE_CVE-2017-6590

Vulnerability from fkie_nvd - Published: 2017-03-09 19:59 - Updated: 2025-04-20 01:37

Severity ?

6.3 (Medium) - CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://www.securitytracker.com/id/1037977
cve@mitre.org	https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321	Issue Tracking, Patch
cve@mitre.org	https://security.gentoo.org/glsa/201707-09
cve@mitre.org	https://www.ubuntu.com/usn/usn-3217-1/	Patch, Vendor Advisory
cve@mitre.org	https://www.youtube.com/watch?v=Fp2lwRVg0l0	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1037977
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201707-09
af854a3a-2127-422b-91ae-364da2661108	https://www.ubuntu.com/usn/usn-3217-1/	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.youtube.com/watch?v=Fp2lwRVg0l0	Exploit, Third Party Advisory

Impacted products

Vendor	Product	Version
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	16.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AFB20FA-CB00-4729-AB3A-816454C6D096",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un problema en network-manager-applet (tambi\u00e9n conocido como network-manager-gnome) en Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS y 16.10. Un atacante local podr\u00eda usar este problema en la pantalla de inicio de sesi\u00f3n predeterminada de Ubuntu para acceder a archivos locales y ejecutar comandos arbitrarios como el usuario lightdm. La explotaci\u00f3n requiere de acceso f\u00edsico al ordenador bloqueado y la conexi\u00f3n Wi-Fi debe estar activada. Un punto de acceso que permita utilizar un certificado para iniciar sesi\u00f3n es tambi\u00e9n necesario, pero es f\u00e1cil crear uno. Entonces, es posible abrir una ventana de nautilus y explorar directorios. Uno tambi\u00e9n puede abrir algunas aplicaciones tales como Firefox, que es \u00fatil para descargar binarios maliciosos."
    }
  ],
  "id": "CVE-2017-6590",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "PHYSICAL",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 0.4,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-03-09T19:59:00.317",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1037977"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201707-09"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ubuntu.com/usn/usn-3217-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1037977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201707-09"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.ubuntu.com/usn/usn-3217-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-WRX7-QM3P-QW79

Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:33

Details

Severity ?

6.3 (Medium)


                  
                    CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2017-6590"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2017-03-09T19:59:00Z",
    "severity": "MODERATE"
  },
  "details": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",
  "id": "GHSA-wrx7-qm3p-qw79",
  "modified": "2025-04-20T03:33:56Z",
  "published": "2022-05-13T01:46:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6590"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201707-09"
    },
    {
      "type": "WEB",
      "url": "https://www.ubuntu.com/usn/usn-3217-1"
    },
    {
      "type": "WEB",
      "url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1037977"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-6590 (GCVE-0-2017-6590)

OPENSUSE-SU-2024:10603-1

GSD-2017-6590

CNVD-2017-03198

WID-SEC-W-2025-0117

FKIE_CVE-2017-6590

GHSA-WRX7-QM3P-QW79

Tags

Sightings

Nomenclature