CVE-2009-4144
Published: 23 December 2009
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
Notes
| Author | Note |
|---|---|
| mdeslaur | already fixed in 0.8 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
network-manager Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Not vulnerable
|
|
| intrepid |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| upstream |
Needed
|
|
|
network-manager-applet Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Not vulnerable
(0.6.6-0ubuntu3.1)
|
|
| intrepid |
Released
(0.7~~svn20081020t000444-0ubuntu1.8.10.3)
|
|
| jaunty |
Released
(0.7.1~rc4.1-0ubuntu2.1)
|
|
| karmic |
Not vulnerable
(0.8~a~git.20091014t134532.4033e62-0ubuntu1)
|
|
| upstream |
Needed
|
|
|
Patches: upstream: http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b |
||