LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

NetworkManager: multiple vulnerabilities

Package(s):NetworkManager CVE #(s):CVE-2009-4145 CVE-2009-4144
Created:January 4, 2010 Updated:February 23, 2010
Description:

From the Red Hat bugzilla entries [1, 2]:

CVE-2009-4145: nm-connection-editor inadvertently exported connection objects on the bus, and when a user changes those connections though the connection editor GUI, the editor may emit a summary of those changes onto the bus, leading to the information disclosure.

CVE-2009-4144: If the user had set up a WPA Enterprise or 802.1x connection that used a CA certificate to verify the identity of the network to which the user was connecting, and the user deleted or moved that CA certificate file at a later point, NetworkManager will still connect to that network but without using the CA certificate. This could result in connections to a rogue network that is spoofing the original network as the identity of the network is not verified with the CA certificate after the certificate has been deleted.

Alerts:
Red Hat RHSA-2010:0108-01 2010-02-16
Ubuntu USN-883-1 2010-01-13
SuSE SUSE-SR:2010:002 2010-02-01
Fedora FEDORA-2009-13642 2009-12-24
CentOS CESA-2010:0108 2010-02-23
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds