CVE-2009-4144
Published 2009-12-23
CVE-2009-4144: NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network…
Priority: P428 · medium · 6.8 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 1.90% (77.1th percentile)
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | network-manager | < network-manager-applet 0.7.2-2 (bookworm) | network-manager-applet 0.7.2-2 (bookworm) |
| debian | network-manager-applet | < network-manager-applet 0.7.2-2 (bookworm) | network-manager-applet 0.7.2-2 (bookworm) |
| gnome | networkmanager | — | — |
CVSS provenance
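| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 6.8 | MEDIUM | |
| vendor_debian | | 6.8 | LOW | |
| vendor_redhat | | 6.8 | MEDIUM | |
| vendor_ubuntu | | 6.8 | MEDIUM | |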
Ubuntu
network-manager-applet vulnerabilities
vendor_ubuntu·2010-01-13·CVSS 6.8
It was discovered that NetworkManager did not ensure that the Certification
Authority (CA) certificate file remained present when using WPA Enterprise
or 802.1x networks. A remote attacker could use this flaw to spoof the
identity of a wireless network and view sensitive information.
(CVE-2009-4144)
It was discovered that the connection editor GUI would incorrectly export
objects over D-Bus. A local user could read D-Bus signals to view other
users' network connection passwords and pre-shared keys. (CVE-2009-4145)
Instructions: After a standard system upgrade you need to restart your session to effect
the necessary changes.
Red Hat
NetworkManager: WPA enterprise network not verified when certificate is removed
vendor_redhat·2009-12-08·CVSS 6.8
Debian
CVE-2009-4144: network-manager - NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Auth...
vendor_debian·2009·CVSS 6.8
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-6w2r-qm6g-q82p: NetworkManager (NM) 0
ghsa_unreviewed·2022-05-02
OSV
CVE-2009-4144: NetworkManager (NM) 0
osv·2009-12-23·CVSS 6.8
No detection rules found.
No public exploits indexed.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067
http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html
http://secunia.com/advisories/38420
http://www.openwall.com/lists/oss-security/2009/12/16/3
http://www.redhat.com/support/errata/RHSA-2010-0108.html
http://www.securityfocus.com/bid/37580
https://bugzilla.redhat.com/show_bug.cgi?id=546795
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11315
Published: 2009-12-23