|
|
Subscribe / Log in / New account

NetworkManager: multiple vulnerabilities

Package(s):NetworkManager CVE #(s):CVE-2009-4145 CVE-2009-4144
Created:January 4, 2010 Updated:February 23, 2010
Description:

From the Red Hat bugzilla entries [1, 2]:

CVE-2009-4145: nm-connection-editor inadvertently exported connection objects on the bus, and when a user changes those connections though the connection editor GUI, the editor may emit a summary of those changes onto the bus, leading to the information disclosure.

CVE-2009-4144: If the user had set up a WPA Enterprise or 802.1x connection that used a CA certificate to verify the identity of the network to which the user was connecting, and the user deleted or moved that CA certificate file at a later point, NetworkManager will still connect to that network but without using the CA certificate. This could result in connections to a rogue network that is spoofing the original network as the identity of the network is not verified with the CA certificate after the certificate has been deleted.

Alerts:
Red Hat RHSA-2010:0108-01 NetworkManager 2010-02-16
Ubuntu USN-883-1 network-manager-applet 2010-01-13
SuSE SUSE-SR:2010:002 virtualbox-ose, NetworkManager-gnome, avahi, acl, libthai 2010-02-01
Fedora FEDORA-2009-13642 NetworkManager 2009-12-24
CentOS CESA-2010:0108 NetworkManager 2010-02-23
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds