A vulnerability has been found in GNOME applet for NetworkManager allowing local attackers to access the local filesystem.
Package | gnome-extra/nm-applet on all architectures |
---|---|
Affected versions | < 1.4.6-r1 |
Unaffected versions | >= 1.4.6-r1 |
GNOME applet for NetworkManager is a GTK+ 3 front-end which works under Xorg environments with a systray.
Frederic Bardy and Quentin Biguenet discovered that GNOME applet for NetworkManager incorrectly checked permissions when connecting to certain wireless networks.
A local attacker could bypass security restrictions at the login screen to access local files.
There is no known workaround at this time.
All GNOME applet for NetworkManager users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=gnome-extra/nm-applet-1.4.6-r1"
Release date
July 08, 2017
Latest revision
August 06, 2017: 2
Severity
normal
Exploitable
local
Bugzilla entries