Unrated severityNVD Advisory· Published Nov 4, 2011· Updated Apr 29, 2026

CVE-2011-3364

Description

Incomplete blacklist vulnerability in the svEscape function in settings/plugins/ifcfg-rh/shvar.c in the ifcfg-rh plug-in for GNOME NetworkManager 0.9.1, 0.9.0, 0.8.1, and possibly other versions, when PolicyKit is configured to allow users to create new connections, allows local users to execute arbitrary commands via a newline character in the name for a new network connection, which is not properly handled when writing to the ifcfg file.

Affected products

GNOME Foundation/Ifcfg Rh Plug In
cpe:2.3:a:gnome:ifcfg-rh_plug-in:*:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

xorl.wordpress.com/2011/10/09/cve-2011-3364-gnome-networkmanager-local-privilege-escalation/nvdExploit
bugzilla.redhat.com/show_bug.cginvdExploitPatch
lists.fedoraproject.org/pipermail/package-announce/2011-September/066828.htmlnvd
www.mandriva.com/security/advisoriesnvd
www.redhat.com/support/errata/RHSA-2011-1338.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000