CVE-2012-2736
Published: 18 June 2012
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
Notes
| Author | Note |
|---|---|
| jdstrand | This only affects Ad-Hoc networks that the user creates, not networks the user connects to Per upstream, this is actually a problem with the kernel as of 2.6.30 |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
network-manager Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Released
(0.8-0ubuntu3.3)
|
|
| natty |
Released
(0.8.4~git.20110319t175609.d14809b-0ubuntu3.1)
|
|
| oneiric |
Released
(0.9.1.90-0ubuntu5.2)
|
|
| precise |
Not vulnerable
(0.9.4.0-0ubuntu4.1)
|
|
| upstream |
Released
(0.9.4)
|
|
|
Patches: upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=69247a00eacd00617acbf1dfcee8497437b8ad39 upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=8126947e088462439740d18e9a2e77005d499ce1 (related?) upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=47f9eb80d81c5e4a2761e1507ba47ce8bae493db (related?) |
||
|
network-manager-applet Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
| lucid |
Released
(0.8-0ubuntu3.1)
|
|
| natty |
Released
(0.8.4~git.20110318t152954.9c4c9a0-0ubuntu1.1)
|
|
| oneiric |
Released
(0.9.1.90-0ubuntu6.1)
|
|
| precise |
Not vulnerable
(0.9.4.1-0ubuntu2)
|
|
| upstream |
Released
(0.9.4)
|
|
|
Patches: upstream: http://git.gnome.org/browse/network-manager-applet/commit/?id=4e8155122a0737977d3802314e5e0009d8d0c212 |
||
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.4 |
| Attack vector | Local |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | None |
| Vector | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |