{
  "threat_severity" : "Low",
  "public_date" : "2016-04-02T00:00:00Z",
  "bugzilla" : {
    "description" : "NetworkManager: Race condition allowing info leak",
    "id" : "1324025",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1324025"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-362",
  "details" : [ "Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary files during ifcfg and keyfile changes.", "A race condition vulnerability was discovered in NetworkManager. Temporary files were created insecurely when saving or updating connection settings, which could allow local users to read connection secrets such as VPN passwords or WiFi keys." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2581",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "libnl3-0:3.2.28-2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2581",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "NetworkManager-1:1.4.0-12.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2581",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "network-manager-applet-0:1.4.0-2.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2016-11-03T00:00:00Z",
    "advisory" : "RHSA-2016:2581",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "NetworkManager-libreswan-0:1.2.4-1.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "NetworkManager",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "NetworkManager",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2016-0764\nhttps://nvd.nist.gov/vuln/detail/CVE-2016-0764\nhttps://mail.gnome.org/archives/networkmanager-list/2016-April/msg00000.html" ],
  "name" : "CVE-2016-0764",
  "csaw" : false
}