USN-883-1: network-manager-applet vulnerabilities

13 January 2010

network-manager-applet vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.04
  • Ubuntu 8.10

Software Description

  • network-manager-applet

Details

It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. (CVE-2009-4144)

It was discovered that the connection editor GUI would incorrectly export objects over D-Bus. A local user could read D-Bus signals to view other users’ network connection passwords and pre-shared keys. (CVE-2009-4145)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.04
network-manager-gnome - 0.7.1~rc4.1-0ubuntu2.1
Ubuntu 8.10
network-manager-gnome - 0.7~~svn20081020t000444-0ubuntu1.8.10.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart your session to effect the necessary changes.

References