{"api_version":"1","generated_at":"2026-04-22T21:27:04+00:00","cve":"CVE-2009-0578","urls":{"html":"https://cve.report/CVE-2009-0578","api":"https://cve.report/api/cve/CVE-2009-0578.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2009-0578","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2009-0578"},"summary":{"title":"CVE-2009-0578","description":"GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2009-03-05 02:30:00","updated_at":"2017-09-29 01:33:00"},"problem_types":["CWE-264"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=487752","name":"https://bugzilla.redhat.com/show_bug.cgi?id=487752","refsource":"CONFIRM","tags":[],"title":"487752 – (CVE-2009-0578) CVE-2009-0578 NetworkManager: local users can modify the connection settings","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html","name":"SUSE-SR:2009:009","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE Security Summary Report: SUSE-SR:2009:009","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html","name":"SUSE-SA:2009:013","refsource":"SUSE","tags":[],"title":"[security-announce] SUSE Security Announcement: dbus-1 (SUSE-SA:2009:013","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://www.redhat.com/support/errata/RHSA-2009-0361.html","name":"RHSA-2009:0361","refsource":"REDHAT","tags":[],"title":"Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.ubuntu.com/usn/USN-727-1","name":"USN-727-1","refsource":"UBUNTU","tags":["Vendor Advisory"],"title":"USN-727-1: network-manager-applet vulnerabilities | Ubuntu","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id?1021909","name":"1021909","refsource":"SECTRACK","tags":[],"title":"GNOME NetworkManager Lets Local Users Modify Network Configuration Settings. - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49063","name":"networkmanager-dbus-security-bypass(49063)","refsource":"XF","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34473","name":"34473","refsource":"SECUNIA","tags":[],"title":"Red Hat update for NetworkManager - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://secunia.com/advisories/34067","name":"34067","refsource":"SECUNIA","tags":[],"title":"NetworkManager D-Bus Request Restriction Security Issues - Secunia Advisories - Vulnerability Information - Secunia.com","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8931","name":"oval:org.mitre.oval:def:8931","refsource":"OVAL","tags":[],"title":"Repository  /  Oval Repository","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/33966","name":"33966","refsource":"BID","tags":[],"title":"NetworkManager Permission Enforcement Multiple Local Vulnrabilities","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2009-0578","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-0578","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2009","cve_id":"578","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu_linux","cpe6":"8.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2009","cve_id":"578","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"ubuntu","cpe5":"ubuntu_linux","cpe6":"8.10","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2009-0578","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html"},{"url":"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html","refsource":"MISC","name":"http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00003.html"},{"url":"http://secunia.com/advisories/34067","refsource":"MISC","name":"http://secunia.com/advisories/34067"},{"url":"http://secunia.com/advisories/34473","refsource":"MISC","name":"http://secunia.com/advisories/34473"},{"url":"http://www.redhat.com/support/errata/RHSA-2009-0361.html","refsource":"MISC","name":"http://www.redhat.com/support/errata/RHSA-2009-0361.html"},{"url":"http://www.securityfocus.com/bid/33966","refsource":"MISC","name":"http://www.securityfocus.com/bid/33966"},{"url":"http://www.securitytracker.com/id?1021909","refsource":"MISC","name":"http://www.securitytracker.com/id?1021909"},{"url":"http://www.ubuntu.com/usn/USN-727-1","refsource":"MISC","name":"http://www.ubuntu.com/usn/USN-727-1"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49063","refsource":"MISC","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/49063"},{"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8931","refsource":"MISC","name":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8931"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=487752","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=487752"}]}},"nvd":{"publishedDate":"2009-03-05 02:30:00","lastModifiedDate":"2017-09-29 01:33:00","problem_types":["CWE-264"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:S/C:N/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"NONE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":6.2},"severity":"MEDIUM","exploitabilityScore":3.1,"impactScore":9.2,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:ubuntu:ubuntu_linux:8.10:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2009","CveId":"578","Ordinal":"36659","Title":"CVE-2009-0578","CVE":"CVE-2009-0578","Year":"2009"},"notes":[{"CveYear":"2009","CveId":"578","Ordinal":"1","NoteData":"GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.","Type":"Description","Title":null},{"CveYear":"2009","CveId":"578","Ordinal":"2","NoteData":"2009-03-04","Type":"Other","Title":"Published"},{"CveYear":"2009","CveId":"578","Ordinal":"3","NoteData":"2017-09-28","Type":"Other","Title":"Modified"}]}}}