LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: July 18th, 2014
Linux Advisory Watch: July 13th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: network-manager-applet vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. (CVE-2009-4144) It was discovered that the connection editor GUI would incorrectly export objects over D-Bus. A local user could read D-Bus signals to view other users' network connection passwords and pre-shared keys. (CVE-2009-4145)
===========================================================
Ubuntu Security Notice USN-883-1           January 13, 2010
network-manager-applet vulnerabilities
CVE-2009-4144, CVE-2009-4145
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.10:
  network-manager-gnome           0.7~~svn20081020t000444-0ubuntu1.8.10.3

Ubuntu 9.04:
  network-manager-gnome           0.7.1~rc4.1-0ubuntu2.1

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

It was discovered that NetworkManager did not ensure that the Certification
Authority (CA) certificate file remained present when using WPA Enterprise
or 802.1x networks. A remote attacker could use this flaw to spoof the
identity of a wireless network and view sensitive information.
(CVE-2009-4144)

It was discovered that the connection editor GUI would incorrectly export
objects over D-Bus. A local user could read D-Bus signals to view other
users' network connection passwords and pre-shared keys. (CVE-2009-4145)


Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.7~~svn20081020t000444-0ubuntu1.8.10.3.diff.gz
      Size/MD5:    52472 b82ebcb1945e432b7141c51500cf54d0
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.7~~svn20081020t000444-0ubuntu1.8.10.3.dsc
      Size/MD5:     1745 682f49446d481b1c47a9191a7e8863d0
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.7~~svn20081020t000444.orig.tar.gz
      Size/MD5:   668729 af829714605058afb3cf77c5d419ae83

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.3_amd64.deb
      Size/MD5:   314590 93926fe52218799bb9582a9937625ebc

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.3_i386.deb
      Size/MD5:   300692 e8130472fa267cd98d5696a660f7121b

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.3_lpia.deb
      Size/MD5:   299180 9b9c2a8e5577ede2474873c864dfb620

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.3_powerpc.deb
      Size/MD5:   310850 051260d8bf82146f1533e10ec842db46

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.7~~svn20081020t000444-0ubuntu1.8.10.3_sparc.deb
      Size/MD5:   303226 0fcfffc3b7948a93d8c20a22a867b34e

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.7.1~rc4.1-0ubuntu2.1.diff.gz
      Size/MD5:    39587 f761e8d9cbe68d5ff1a1ef1f373d0855
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.7.1~rc4.1-0ubuntu2.1.dsc
      Size/MD5:     1621 83c06ab153587c3d3ece6ec8d27e8fa6
    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-applet_0.7.1~rc4.1.orig.tar.gz
      Size/MD5:   812190 85177fb4f930e731187ad1f811f07888

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.7.1~rc4.1-0ubuntu2.1_amd64.deb
      Size/MD5:   381524 c8a4ece54773441228662a1d8f0b78c0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/n/network-manager-applet/network-manager-gnome_0.7.1~rc4.1-0ubuntu2.1_i386.deb
      Size/MD5:   365622 13d6469d61d2323a6813e2ef763eccb2

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.7.1~rc4.1-0ubuntu2.1_lpia.deb
      Size/MD5:   362318 17f179f208b66b13320543e806f7aaed

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.7.1~rc4.1-0ubuntu2.1_powerpc.deb
      Size/MD5:   375036 32034d9e9af5d92a8a8174a2684f1ce2

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/n/network-manager-applet/network-manager-gnome_0.7.1~rc4.1-0ubuntu2.1_sparc.deb
      Size/MD5:   368592 95d9b33243243701ecf97145d473043e




 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Router hacking competition announced for Defcon
EFF wants hackers to help build an open, secure router
Hackers Could Take Control of Your Car. This Device Can Stop Them
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.