CVE-2011-1943

NameCVE-2011-1943
DescriptionThe destroy_one_secret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
network-manager-openvpn (PTS)buster1.8.10-1fixed
bullseye1.8.12-2fixed
bookworm1.10.2-2fixed
sid, trixie1.10.2-4fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
network-manager-openvpnsource(unstable)(not affected)

Notes

- network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730)
https://bugzilla.redhat.com/show_bug.cgi?id=708876
Search for package or bug name: Reporting problems