USN-883-1: network-manager-applet vulnerabilities

Ubuntu Security Notice USN-883-1

13th January, 2010

network-manager-applet vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 9.04
  • Ubuntu 8.10

Software description

  • network-manager-applet

Details

It was discovered that NetworkManager did not ensure that the Certification
Authority (CA) certificate file remained present when using WPA Enterprise
or 802.1x networks. A remote attacker could use this flaw to spoof the
identity of a wireless network and view sensitive information.
(CVE-2009-4144)

It was discovered that the connection editor GUI would incorrectly export
objects over D-Bus. A local user could read D-Bus signals to view other
users' network connection passwords and pre-shared keys. (CVE-2009-4145)

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 9.04:
network-manager-gnome 0.7.1~rc4.1-0ubuntu2.1
Ubuntu 8.10:
network-manager-gnome 0.7~~svn20081020t000444-0ubuntu1.8.10.3

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

After a standard system upgrade you need to restart your session to effect
the necessary changes.
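
To audit a package inventory against the fixed versions above, the following added example (not part of the notice) reimplements Debian version ordering in Python so the check can run off-host. The function names `debcmp` and `is_patched` are hypothetical. The tilde rule matters here because both fixed versions contain `~`, which sorts before everything, including the end of the string.

```python
# Added example: fixed versions copied from USN-883-1; all names are illustrative.
FIXED = {
    "9.04": "0.7.1~rc4.1-0ubuntu2.1",
    "8.10": "0.7~~svn20081020t000444-0ubuntu1.8.10.3",
}
DIGITS = "0123456789"

def _order(c):
    """Weight of one non-digit char: '~' < end-of-string < letters < other symbols."""
    if c == "~":
        return -1
    if c == "" or c in DIGITS:
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    """Compare two upstream or revision strings; returns <0, 0 or >0."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit run, compared character by character.
        while (i < len(a) and a[i] not in DIGITS) or (j < len(b) and b[j] not in DIGITS):
            ca, cb = _order(a[i:i + 1]), _order(b[j:j + 1])
            if ca != cb:
                return ca - cb
            i, j = i + 1, j + 1
        # Digit run, compared numerically (leading zeros ignored).
        si, sj = i, j
        while i < len(a) and a[i] in DIGITS:
            i += 1
        while j < len(b) and b[j] in DIGITS:
            j += 1
        na, nb = int(a[si:i] or 0), int(b[sj:j] or 0)
        if na != nb:
            return na - nb
    return 0

def _split(v):
    """Split '[epoch:]upstream[-revision]' into its three fields."""
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def debcmp(a, b):
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    return (ea - eb) or _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_patched(release, installed):
    """True if the installed network-manager-gnome version is at or above the fix."""
    return debcmp(installed, FIXED[release]) >= 0
```

On the host itself, `dpkg-query -W -f='${Version}' network-manager-gnome` supplies the installed version, and `dpkg --compare-versions` remains the authoritative comparison.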

References

CVE-2009-4144, CVE-2009-4145