CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
86.5%
CentOS Errata and Security Advisory CESA-2010:0108
NetworkManager is a network link manager that attempts to keep a wired or
wireless network connection active at all times.
A missing network certificate verification flaw was found in
NetworkManager. If a user created a WPA Enterprise or 802.1x wireless
network connection that was verified using a Certificate Authority (CA)
certificate, and then later removed that CA certificate file,
NetworkManager failed to verify the identity of the network on the
following connection attempts. In these situations, a malicious wireless
network spoofing the original network could trick a user into disclosing
authentication credentials or communicating over an untrusted network.
(CVE-2009-4144)
An information disclosure flaw was found in NetworkManager’s
nm-connection-editor D-Bus interface. If a user edited network connection
options using nm-connection-editor, a summary of those changes was
broadcasted over the D-Bus message bus, possibly disclosing sensitive
information (such as wireless network authentication credentials) to other
local users. (CVE-2009-4145)
Users of NetworkManager should upgrade to these updated packages, which
contain backported patches to correct these issues.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2010-February/078683.html
https://lists.centos.org/pipermail/centos-announce/2010-February/078684.html
Affected packages:
NetworkManager
NetworkManager-devel
NetworkManager-glib
NetworkManager-glib-devel
NetworkManager-gnome
Upstream details at:
https://access.redhat.com/errata/RHSA-2010:0108
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | i386 | networkmanager | < 0.7.0-9.el5_4 | NetworkManager-0.7.0-9.el5_4.i386.rpm |
CentOS | 5 | i386 | networkmanager-devel | < 0.7.0-9.el5_4 | NetworkManager-devel-0.7.0-9.el5_4.i386.rpm |
CentOS | 5 | i386 | networkmanager-glib | < 0.7.0-9.el5_4 | NetworkManager-glib-0.7.0-9.el5_4.i386.rpm |
CentOS | 5 | i386 | networkmanager-glib-devel | < 0.7.0-9.el5_4 | NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm |
CentOS | 5 | i386 | networkmanager-gnome | < 0.7.0-9.el5_4 | NetworkManager-gnome-0.7.0-9.el5_4.i386.rpm |
CentOS | 5 | i386 | networkmanager | < 0.7.0-9.el5_4 | NetworkManager-0.7.0-9.el5_4.i386.rpm |
CentOS | 5 | i386 | networkmanager-devel | < 0.7.0-9.el5_4 | NetworkManager-devel-0.7.0-9.el5_4.i386.rpm |
CentOS | 5 | i386 | networkmanager-glib | < 0.7.0-9.el5_4 | NetworkManager-glib-0.7.0-9.el5_4.i386.rpm |
CentOS | 5 | i386 | networkmanager-glib-devel | < 0.7.0-9.el5_4 | NetworkManager-glib-devel-0.7.0-9.el5_4.i386.rpm |
CentOS | 5 | i386 | networkmanager-gnome | < 0.7.0-9.el5_4 | NetworkManager-gnome-0.7.0-9.el5_4.i386.rpm |