CVE-2009-4144
NetworkManager: WPA enterprise network not verified when certificate is removed
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
NetworkManager (NM) v0.7.2 no asegura que el fichero del certificado de la autoridad de certificación (CA) configurada para una red (1) WPA Enterprise o (2) 802.1x continúe presente durante un intento de conexión, lo que podría permitir a atacantes remotos obtener información sensible o provocar una denegación de servicio (interrupción de conectividad) mediante la suplantación de identidad de una red inalámbrica.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2009-12-01 CVE Reserved
- 2009-12-23 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067 | X_refsource_confirm | |
| http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b | X_refsource_confirm | |
| http://secunia.com/advisories/38420 | Third Party Advisory | |
| http://www.openwall.com/lists/oss-security/2009/12/16/3 | Mailing List |
|
| http://www.securityfocus.com/bid/37580 | Vdb Entry | |
| https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11315 | Signature |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html | 2017-09-19 | |
| http://www.redhat.com/support/errata/RHSA-2010-0108.html | 2017-09-19 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=546795 | 2010-02-16 | |
| https://access.redhat.com/security/cve/CVE-2009-4144 | 2010-02-16 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gnome Search vendor "Gnome" | Networkmanager Search vendor "Gnome" for product "Networkmanager" | 0.7.2 Search vendor "Gnome" for product "Networkmanager" and version "0.7.2" | - |
Affected
| ||||||