CVE-2006-7246
Published: 27 January 2020
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
Notes
Author | Note |
---|---|
mdeslaur | needs wpa_supplicant support: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commit;h=00468b4650998144f794762206c695c962c54734 also needs network-manager-gnome support |
Priority
Status
Package | Release | Status |
---|---|---|
network-manager Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
natty |
Ignored
(end of life)
|
|
oneiric |
Not vulnerable
(0.9.1.90-0ubuntu5.1)
|
|
precise |
Not vulnerable
(0.9.4.0-0ubuntu4.1)
|
|
quantal |
Not vulnerable
(0.9.4.0+git201206081144.2efeac8-0ubuntu1)
|
|
raring |
Not vulnerable
(0.9.4.0+git201206081144.2efeac8-0ubuntu1)
|
|
upstream |
Needs triage
|
|
Patches: upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=ca968105daa7bb9e2fd1d64c2d2270f110f984ba upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=0b8097a26a59ef0b2c0ab78f9ec3656e5681404b upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=4f38f02add9aa0e311f1ddb605b1aa0224ad057e |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.8 |
Attack vector | Adjacent |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |