network-manager-applet vulnerabilities

2010-01-13T00:00:00
ID USN-883-1
Type ubuntu
Reporter Ubuntu
Modified 2010-01-13T00:00:00

Description

It was discovered that NetworkManager did not ensure that the Certification Authority (CA) certificate file remained present when using WPA Enterprise or 802.1x networks. A remote attacker could use this flaw to spoof the identity of a wireless network and view sensitive information. (CVE-2009-4144)

It was discovered that the connection editor GUI would incorrectly export objects over D-Bus. A local user could read D-Bus signals to view other users’ network connection passwords and pre-shared keys. (CVE-2009-4145)