CVE-2009-4144
First published: Fri Dec 11 2009(Updated: )
+++ This bug was initially created as a clone of <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=546793">Bug #546793</a> +++ See also: <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067</a> If the user had set up a WPA Enterprise or 802.1x connection that used a CA certificate to verify the identity of the network to which the user was connecting, and the user deleted or moved that CA certificate file at a later point, NetworkManager will still connect to that network but without using the CA certificate. This could result in connections to a rogue network that is spoofing the original network as the identity of the network is not verified with the CA certificate after the certificate has been deleted. Obviously requires direct interaction by the user that configured the connection in the first place to remove the CA certificate file. --- Additional comment from dcbw on 2009-12-11 18:50:57 EDT --- Upstream fix is: <a href="http://git.gnome.org/cgit/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b">http://git.gnome.org/cgit/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| NetworkManager | =0.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=546795
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067
- http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b
- http://www.openwall.com/lists/oss-security/2009/12/16/3
- http://www.redhat.com/support/errata/RHSA-2010-0108.html
- http://secunia.com/advisories/38420
- http://www.securityfocus.com/bid/37580
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11315
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=546793
- http://git.gnome.org/cgit/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b
- http://admin.fedoraproject.org/updates/NetworkManager-0.7.2-2.git20091223.fc11
- https://rhn.redhat.com/errata/RHSA-2010-0108.html
Frequently Asked Questions
What is the severity of CVE-2009-4144?
CVE-2009-4144 is classified as a low-severity vulnerability affecting NetworkManager versions 0.7.2.
How do I fix CVE-2009-4144?
To fix CVE-2009-4144, update NetworkManager to a version that includes the relevant security patches beyond 0.7.2.
What systems are impacted by CVE-2009-4144?
CVE-2009-4144 specifically affects systems running NetworkManager version 0.7.2.
What type of vulnerability is CVE-2009-4144?
CVE-2009-4144 is a bug that may lead to unexpected behavior in NetworkManager.
Is there a workaround for CVE-2009-4144?
There is no officially recommended workaround for CVE-2009-4144 other than upgrading the affected software.
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-4144
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/gnome
- canonical/networkmanager
- version/networkmanager/0.7.2