NetworkManager security update
NetworkManager did not pin a certificate's subject to an
ESSID. A rogue access point could therefore be used to
conduct MITM attacks by using any other valid certificate
issued by same CA as used in the original network
(CVE-2006-7246).
Please note that existing WPA2 Enterprise connections need
to be deleted and re-created to take advantage of the new
security checks.
NetworkManager did not honor the PolicyKit auth_admin
setting when creating Ad-Hoc wireless networks
(CVE-2011-2176)
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5373
Fixed bugs
bnc#574266
VUL-0: NetworkManager unsafe for WPA2 Enterprise networks
bnc#702016
VUL-0: NetworkManager: did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
CVE#CVE-2006-7246
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2011-2176
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
