|Category:||Ubuntu Local Security Checks|
|Title:||Ubuntu USN-883-1 (network-manager-applet)|
|Summary:||Ubuntu USN-883-1 (network-manager-applet)|
|Description:||The remote host is missing an update to network-manager-applet|
announced via advisory USN-883-1.
It was discovered that NetworkManager did not ensure that the Certification
Authority (CA) certificate file remained present when using WPA Enterprise
or 802.1x networks. A remote attacker could use this flaw to spoof the
identity of a wireless network and view sensitive information.
It was discovered that the connection editor GUI would incorrectly export
objects over D-Bus. A local user could read D-Bus signals to view other
users' network connection passwords and pre-shared keys. (CVE-2009-4145)
The problem can be corrected by upgrading your system to the
following package versions:
After a standard system upgrade you need to restart your session to effect
the necessary changes.
Risk factor : High
Common Vulnerability Exposure (CVE) ID: CVE-2009-4144|
SuSE Security Announcement: SUSE-SR:2010:002 (Google Search)
BugTraq ID: 37580
Common Vulnerability Exposure (CVE) ID: CVE-2009-4145
XForce ISS Database: networkmanager-nmconnectioneditor-info-disc(54898)
|Copyright||Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com|
|This is only one of 40037 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.