CVE-2009-4144
First published: Fri Dec 11 2009(Updated: )
+++ This bug was initially created as a clone of <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=546793">Bug #546793</a> +++ See also: <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067</a> If the user had set up a WPA Enterprise or 802.1x connection that used a CA certificate to verify the identity of the network to which the user was connecting, and the user deleted or moved that CA certificate file at a later point, NetworkManager will still connect to that network but without using the CA certificate. This could result in connections to a rogue network that is spoofing the original network as the identity of the network is not verified with the CA certificate after the certificate has been deleted. Obviously requires direct interaction by the user that configured the connection in the first place to remove the CA certificate file. --- Additional comment from dcbw on 2009-12-11 18:50:57 EDT --- Upstream fix is: <a href="http://git.gnome.org/cgit/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b">http://git.gnome.org/cgit/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b</a>
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNOME NetworkManager | =0.7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=546795
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067
- http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b
- http://www.openwall.com/lists/oss-security/2009/12/16/3
- http://www.redhat.com/support/errata/RHSA-2010-0108.html
- http://secunia.com/advisories/38420
- http://www.securityfocus.com/bid/37580
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11315
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=546793
- http://git.gnome.org/cgit/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b
- http://admin.fedoraproject.org/updates/NetworkManager-0.7.2-2.git20091223.fc11
- https://rhn.redhat.com/errata/RHSA-2010-0108.html
- collector/nvd-historical
- collector/nvd-index
- agent/first-publish-date
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/tags
- agent/event
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-4144
- vendor/gnome
- canonical/gnome networkmanager
- version/gnome networkmanager/0.7.2