Immunity, Inc.
Name NetworkManagerUnSecret
CVE CVE-2009-0365
Exploit Pack CANVAS
DescriptionNetworkManager: GetSecrets disclosure
NotesCVE Name: CVE-2009-0365
VENDOR: Linux
Notes: This allows you to get secrets about wireless network connections from the NetworkManager (0.6.x and 0.7.x) for connections that other users have set up,
for it to work correctly another user must be logged in with NetworkManager running in their context (e.g. have the nm-applet running in their task bar). The exploit simply
uploads a path script to do the querying of the DBUS interfaces. The dbus python package is required to be present on the target for the script to run correctly, however
this appears to be installed by default on most modern linux distributions. If it is not you could always upload and install it yourself :)
Repeatability: Infinite
References: http://www.securityfocus.com/bid/33966
CVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0365
CERT Advisory: None
Date public: 03/03/2009
CVSS: 4.6

Learn more about the CANVAS Exploit Pack here: CANVAS