Fluid Attacks Database

Description

NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	network-manager-applet	>=0 <0.7.2-2	0.7.2-2
debian 12	network-manager-applet	>=0 <0.7.2-2	0.7.2-2
debian 13	network-manager-applet	>=0 <0.7.2-2	0.7.2-2
debian 14	network-manager-applet	>=0 <0.7.2-2	0.7.2-2
rpm rhel5	NetworkManager	<1:0.7.0-9.el5_4	1:0.7.0-9.el5_4

Aliases

1. CVE-2009-41442. NVD-2009-41443. OSV-DEBIAN-2009-41444. OSV-2009-41445. SECURITY-TRACKER-CVE-2009-4144

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.