Your message dated Sat, 23 Jan 2010 03:21:53 +0000
with message-id <[email protected]>
and subject line Bug#560067: fixed in network-manager-applet 0.7.2-2
has caused the Debian Bug report #560067,
regarding CVE-2009-4144: WPA enterprise network not verified when certificate is removed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
560067: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: network-manager-gnome
Version: 0.7.2-1
Severity: grave
Tags: security
Justification: user security hole

After configuring WPA2 Enterprise with TTLS and PAP, I was using a certificate file in /etc/ssl/certs/...pem (automatically imported from /usr/local/share/ca-certificates/domain/certrootfile.crt)


Then I reinstalled the system, and had not configured certificates yet.

After reinstalling the system and restoring the /home directory, I logged into my new system.

After giving the password to gnome-keyring, NM automatically connected to my network, even though it does not exist:

** (nm-applet:6704): WARNING **: utils_fill_connection_certs: couldn't read CA certificate: 4 Nie można otworzyć pliku "/etc/ssl/certs/SMP_Root_Certification_Authority_2.pem": Nie ma takiego pliku ani katalogu



But NM thinks that it should connect anyway. And it connects,
possibly leaking my credentials, login and password, and all
keys, and of course network traffic.


A considerably more verbose error should be provided to the user (via nm-applet), and NM should abort connecting.



-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.31-1-686-bigmem (SMP w/1 CPU core)
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to pl_PL.UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages network-manager-gnome depends on:
ii  dbus-x11                      1.2.16-2   simple interprocess messaging syst
ii  gconf2                        2.28.0-1   GNOME configuration database syste
ii  gnome-icon-theme              2.28.0-1   GNOME Desktop icon theme
ii  libc6                         2.10.2-2   GNU C Library: Shared libraries
ii  libdbus-1-3                   1.2.16-2   simple interprocess messaging syst
ii  libdbus-glib-1-2              0.82-2     simple interprocess messaging syst
ii  libgconf2-4                   2.28.0-1   GNOME configuration database syste
ii  libglade2-0                   1:2.6.4-1  library to load .glade files at ru
ii  libglib2.0-0                  2.22.3-1   The GLib library of C routines
ii  libgnome-keyring0             2.28.1-2   GNOME keyring services library
ii  libgtk2.0-0                   2.18.4-1   The GTK+ graphical user interface 
ii  libnm-glib-vpn0               0.7.2-2    network management framework (GLib
ii  libnm-glib0                   0.7.2-2    network management framework (GLib
ii  libnm-util1                   0.7.2-2    network management framework (shar
ii  libnotify1 [libnotify1-gtk2.1 0.4.5-1    sends desktop notifications to a n
ii  libpango1.0-0                 1.26.1-1   Layout and rendering of internatio
ii  libpolkit-gnome0              0.9.2-2    PolicyKit-gnome library
ii  libpolkit2                    0.9-4      library for accessing PolicyKit
ii  network-manager               0.7.2-2    network management framework daemo
ii  policykit-gnome               0.9.2-2    GNOME dialogs for PolicyKit

Versions of packages network-manager-gnome recommends:
ii  libpam-gnome-keyring [libpam- 2.28.1-2   PAM module to unlock the GNOME key
ii  notification-daemon           0.4.0-2    a daemon that displays passive pop

Versions of packages network-manager-gnome suggests:
ii  network-manager-openvpn-gnome 0.7.2-1    network management framework (Open
ii  network-manager-pptp-gnome    0.7.2-1    network management framework (PPTP
ii  network-manager-vpnc-gnome    0.7.2-1    network management framework (VPNC

-- no debconf information



--- End Message ---
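One way to implement the fail-closed behaviour the report asks for, as an added example that is not NetworkManager's or the applet's code: a check over a NetworkManager-style keyfile profile that refuses to proceed when the configured CA certificate is unset, missing or not a PEM certificate. The sample profile, the temporary placeholder certificate and the function names are constructed for this example; only the CA path comes from the report.

```python
import configparser
import os
import re
import tempfile
from urllib.parse import unquote, urlparse

# Constructed NetworkManager-style keyfile profile (802-1x section only); the CA
# path is the one from the bug report and is assumed NOT to exist on this machine.
SAMPLE_PROFILE = """[802-1x]
eap=ttls;
phase2-auth=pap
identity=alice
ca-cert=file:///etc/ssl/certs/SMP_Root_Certification_Authority_2.pem
"""
PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)

def ca_cert_path(profile_text):
    """Return the [802-1x] ca-cert as a filesystem path, or None if unset."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(profile_text)
    value = cp.get("802-1x", "ca-cert", fallback="").strip()
    if not value:
        return None
    return unquote(urlparse(value).path) if value.startswith("file://") else value

def check_ca_cert(profile_text):
    """Return (ok, reason). Fails closed: an unset or unreadable CA cert means the
    authentication server cannot be verified, so the connection must not proceed."""
    path = ca_cert_path(profile_text)
    if path is None:
        return False, "no CA certificate configured; server would not be verified"
    try:
        with open(path, "rb") as fh:
            data = fh.read()
    except OSError as exc:
        return False, f"couldn't read CA certificate {path}: {exc.strerror}"
    if not PEM_CERT.search(data):
        return False, f"{path} does not contain a PEM certificate"
    return True, path

def demo():
    """Run the check on the profile as-is (missing file) and with a present file."""
    missing = check_ca_cert(SAMPLE_PROFILE)
    with tempfile.TemporaryDirectory() as tmp:
        cert = os.path.join(tmp, "root.pem")
        with open(cert, "wb") as fh:  # constructed placeholder, not a real CA
            fh.write(b"-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n")
        present = check_ca_cert(SAMPLE_PROFILE.replace(
            "file:///etc/ssl/certs/SMP_Root_Certification_Authority_2.pem", "file://" + cert))
    return missing, present
```

The first result reproduces the report's situation (profile still references a deleted file) and yields a refusal with the same "couldn't read CA certificate" reason the applet logged; only the second, with a readable PEM present, allows the connection to go ahead.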
--- Begin Message ---
Source: network-manager-applet
Source-Version: 0.7.2-2

We believe that the bug you reported is fixed in the latest version of
network-manager-applet, which is due to be installed in the Debian FTP archive:

network-manager-applet_0.7.2-2.diff.gz
  to main/n/network-manager-applet/network-manager-applet_0.7.2-2.diff.gz
network-manager-applet_0.7.2-2.dsc
  to main/n/network-manager-applet/network-manager-applet_0.7.2-2.dsc
network-manager-gnome_0.7.2-2_i386.deb
  to main/n/network-manager-applet/network-manager-gnome_0.7.2-2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Biebl <[email protected]> (supplier of updated network-manager-applet package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])



Format: 1.8
Date: Fri, 22 Jan 2010 23:33:06 +0100
Source: network-manager-applet
Binary: network-manager-gnome
Architecture: source i386
Version: 0.7.2-2
Distribution: unstable
Urgency: low
Maintainer: Utopia Maintenance Team <[email protected]>
Changed-By: Michael Biebl <[email protected]>
Description: 
 network-manager-gnome - network management framework (GNOME frontend)
Closes: 560067 563371
Changes: 
 network-manager-applet (0.7.2-2) unstable; urgency=low
 .
   * debian/control
     - Bump Build-Depends on libdbus-glib-1-dev to (>= 0.74).
     - Bump Build-Depends on libgtk2.0-dev to (>= 2.14).
   * debian/patches/02-CVE-2009-4145_fix_leakage_of_secrets_on_system_bus.patch
     - Fix potential leakage of secrets onto the system bus. (Closes: #563371)
       Patch backported from upstream Git.
       Fixes: CVE-2009-4145
   * debian/patches/03-CVE-2009-4144_fix_ca_cert_handling_after_cert_file_deletion.patch
     - Fix possible connections to spoofed WPA Enterprise networks when
       certification file is deleted. (Closes: #560067)
       Patch backported from upstream Git.
       Fixes: CVE-2009-4144




--- End Message ---
