REDHAT-BUG-546795

First published: Fri Dec 11 2009(Updated: )

+++ This bug was initially created as a clone of <a class="bz_bug_link bz_secure " title="" href="show_bug.cgi?id=546793">Bug #546793</a> +++ See also: <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067</a> If the user had set up a WPA Enterprise or 802.1x connection that used a CA certificate to verify the identity of the network to which the user was connecting, and the user deleted or moved that CA certificate file at a later point, NetworkManager will still connect to that network but without using the CA certificate. This could result in connections to a rogue network that is spoofing the original network as the identity of the network is not verified with the CA certificate after the certificate has been deleted. Obviously requires direct interaction by the user that configured the connection in the first place to remove the CA certificate file. --- Additional comment from dcbw on 2009-12-11 18:50:57 EDT --- Upstream fix is: <a href="http://git.gnome.org/cgit/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&amp;id=4020594dfbf566f1852f0acb36ad631a9e73a82b">http://git.gnome.org/cgit/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&amp;id=4020594dfbf566f1852f0acb36ad631a9e73a82b</a>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/references
• agent/type
• agent/first-publish-date
• agent/last-modified-date
• collector/redhat-bugzilla
• source/Red Hat
• alias/CVE-2009-4144
• agent/severity
• agent/description
• agent/event
• agent/trending
• agent/source
• agent/softwarecombine
• agent/tags
• agent/guess-ai
• agent/software-canonical-lookup
• agent/software-canonical-lookup-request
• vendor/gnome
• canonical/red hat networkmanager-libreswan-gnome