Vulnerability CVE-2009-4144

Vulnerability Name:

CVE-2009-4144 (CCN-55185)

Assigned:

2009-12-08

Published:

2009-12-08

Updated:

2017-09-19

Summary:

NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.

CVSS v3 Severity:

5.4 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)

Exploitability Metrics:	Attack Vector (AV): Adjacent Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): Low

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.2 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:N/A:P)
3.3 Low (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:N/A:P/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): Partial

1.8 Low (REDHAT CVSS v2 Vector: AV:A/AC:H/Au:N/C:N/I:P/A:N)
1.3 Low (REDHAT Temporal CVSS v2 Vector: AV:A/AC:H/Au:N/C:N/I:P/A:N/E:U/RL:TF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-310

Vulnerability Consequences:

Denial of Service

References:

Source: CONFIRM
Type: UNKNOWN
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=560067

Source: MITRE
Type: CNA
CVE-2009-4144

Source: CCN
Type: GNOME GIT source code repository
core: fix CA cert mishandling after cert file deletion (deb #560067) (rh #546793)

Source: CONFIRM
Type: UNKNOWN
http://git.gnome.org/browse/network-manager-applet/commit/?h=NETWORKMANAGER_APPLET_0_7&id=4020594dfbf566f1852f0acb36ad631a9e73a82b

Source: SUSE
Type: UNKNOWN
SUSE-SR:2010:002

Source: CCN
Type: RHSA-2010-0108
Moderate: NetworkManager security update

Source: SECUNIA
Type: UNKNOWN
38420

Source: CCN
Type: oss-security Mailing List, Wed, 16 Dec 2009 16:12:42 -0500 (EST)
NetworkManager CVE assignment

Source: MLIST
Type: UNKNOWN
[oss-security] 20091216 NetworkManager CVE assignment

Source: CCN
Type: OSVDB ID: 61197
network-manager-applet Certificate File Validation Failure Wireless Network Connection Spoofing Weakness

Source: REDHAT
Type: UNKNOWN
RHSA-2010:0108

Source: BID
Type: UNKNOWN
37580

Source: CCN
Type: BID-37580
NetworkManager Security Bypass and Information Disclosure Vulnerabilities

Source: CCN
Type: USN-883-1
network-manager-applet vulnerabilities

Source: CCN
Type: Red Hat Bugzilla Bug 54679
(CVE-2009-4144) CVE-2009-4144 NetworkManager: WPA enterprise network not verified when certificate is removed [NEEDINFO]

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=546795

Source: XF
Type: UNKNOWN
networkmanager-certificatefile-dos(55185)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:11315

Source: SUSE
Type: SUSE-SR:2010:002
SUSE Security Summary Report

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnome:networkmanager:0.7.2:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnome:networkmanager:0.7.2:*:*:*:*:*:*:*

AND

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20094144	V	CVE-2009-4144	2022-05-20
oval:org.opensuse.security:def:42262	P	Security update for opensc (Important)	2022-04-12
oval:org.opensuse.security:def:32289	P	Security update for libvirt (Important)	2022-01-10
oval:org.opensuse.security:def:31334	P	Security update for log4j (Important)	2021-12-17
oval:org.opensuse.security:def:26181	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:32232	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:31700	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:33036	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:31295	P	Security update for transfig (Important)	2021-10-29
oval:org.opensuse.security:def:32205	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-10-18
oval:org.opensuse.security:def:31689	P	Security update for glibc (Moderate)	2021-10-06
oval:org.opensuse.security:def:26137	P	Security update for sqlite3 (Important)	2021-09-23
oval:org.opensuse.security:def:26123	P	Security update for openssl-1_0_0 (Low)	2021-09-09
oval:org.opensuse.security:def:32997	P	Security update for xen (Important)	2021-09-06
oval:org.opensuse.security:def:32149	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:32142	P	Security update for systemd (Important)	2021-07-21
oval:org.opensuse.security:def:31651	P	Security update for libsolv (Important)	2021-06-28
oval:org.opensuse.security:def:31214	P	Security update for libgcrypt (Important)	2021-06-24
oval:org.opensuse.security:def:31203	P	Security update for apache2 (Important)	2021-06-17
oval:org.opensuse.security:def:31632	P	Security update for MozillaFirefox (Important)	2021-06-08
oval:org.opensuse.security:def:36073	P	NetworkManager-gnome-0.7.1-5.22.28 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:42480	P	NetworkManager-gnome-0.7.1-5.22.28 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:26048	P	Security update for the Linux Kernel (Important)	2021-05-13
oval:org.opensuse.security:def:42067	P	Security update for python3 (Moderate)	2021-05-11
oval:org.opensuse.security:def:32076	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-04-28
oval:org.opensuse.security:def:26035	P	Security update for apache-commons-io (Moderate)	2021-04-26
oval:org.opensuse.security:def:31140	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2021-04-07
oval:org.opensuse.security:def:31739	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31352	P	Security update for openldap2 (Important)	2021-03-03
oval:org.opensuse.security:def:31738	P	Security update for grub2 (Important)	2021-03-02
oval:org.opensuse.security:def:26199	P	Security update for ImageMagick (Moderate)	2021-02-25
oval:org.opensuse.security:def:31346	P	Security update for java-1_8_0-openjdk (Moderate)	2021-02-19
oval:org.opensuse.security:def:32254	P	Security update for openvswitch (Important)	2021-02-12
oval:org.opensuse.security:def:31323	P	Security update for the Linux Kernel (Live Patch 35 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:31322	P	Security update for the Linux Kernel (Live Patch 36 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:32139	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:26084	P	Security update for postgresql, postgresql12, postgresql13 (Important)	2021-01-26
oval:org.opensuse.security:def:29367	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:31625	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:32098	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:32005	P	Security update for xen (Important)	2020-12-07
oval:org.opensuse.security:def:41924	P	NetworkManager-gnome-0.7.0.r1053-11.16.61 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35660	P	NetworkManager-gnome-0.7.1-5.22.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35855	P	NetworkManager-gnome-0.7.1-5.22.28 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:35517	P	NetworkManager-gnome-0.7.0.r1053-11.16.61 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:32819	P	Security update for python-setuptools (Important)	2020-12-02
oval:org.opensuse.security:def:30986	P	Security update for intel-SINIT (Important)	2020-12-01
oval:org.opensuse.security:def:31757	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:25645	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:28633	P	Security update for acroread	2020-12-01
oval:org.opensuse.security:def:32586	P	openswan on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31539	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:25272	P	Security update for vino (Moderate)	2020-12-01
oval:org.opensuse.security:def:32037	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:32742	P	log4net on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25211	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25698	P	Security update for dpdk (Moderate)	2020-12-01
oval:org.opensuse.security:def:31495	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:32588	P	pam on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31761	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:31920	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:25690	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:28492	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:32293	P	Security update for postgresql94 (Important)	2020-12-01
oval:org.opensuse.security:def:26517	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25406	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28115	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:31776	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25929	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:27036	P	sysconfig on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30985	P	Security update for inn (Moderate)	2020-12-01
oval:org.opensuse.security:def:31408	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:25494	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:28594	P	Security update for Perl	2020-12-01
oval:org.opensuse.security:def:31948	P	Security update for gpg2 (Important)	2020-12-01
oval:org.opensuse.security:def:25144	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:25964	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:31794	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:32698	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25634	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:31438	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31129	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25788	P	Security update for zeromq (Moderate)	2020-12-01
oval:org.opensuse.security:def:32780	P	quagga on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31919	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:25415	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:28340	P	Security update for php53 (Important)	2020-12-01
oval:org.opensuse.security:def:26482	P	Security update for ffmpeg-4 (Low)	2020-12-01
oval:org.opensuse.security:def:25405	P	Security update for spice-gtk (Moderate)	2020-12-01
oval:org.opensuse.security:def:27985	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:25890	P	Security update for php5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26398	P	Security update for pdns-recursor (Moderate)	2020-12-01
oval:org.opensuse.security:def:25410	P	Security update for java-1_8_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:26252	P	Security update for mariadb-100 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31904	P	Security update for foomatic-filters (Moderate)	2020-12-01
oval:org.opensuse.security:def:25080	P	Security update for libxml2 (Low)	2020-12-01
oval:org.opensuse.security:def:25907	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31595	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:32676	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26660	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25623	P	Security update for cifs-utils (Moderate)	2020-12-01
oval:org.opensuse.security:def:31993	P	Security update for java-1_7_1-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:29331	P	Security update for compat-openssl097g (Moderate)	2020-12-01
oval:org.opensuse.security:def:31128	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:25637	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25287	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:28256	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31988	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:25844	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27921	P	Security update for xorg-x11-libXrender	2020-12-01
oval:org.opensuse.security:def:32532	P	java-1_4_2-ibm on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26354	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:32482	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25353	P	Security update for libzypp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25982	P	Security update for bash (Moderate)	2020-12-01
oval:org.opensuse.security:def:31882	P	Security update for dnsmasq (Important)	2020-12-01
oval:org.opensuse.security:def:25069	P	Security update for ucode-intel (Important)	2020-12-01
oval:org.opensuse.security:def:25609	P	Security update for sysstat (Moderate)	2020-12-01
oval:org.opensuse.security:def:31439	P	Security update for php53 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32637	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26625	P	pam_ldap on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:25622	P	Security update for wavpack (Moderate)	2020-12-01
oval:org.opensuse.security:def:31071	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31906	P	Security update for freeradius-server (Moderate)	2020-12-01
oval:org.opensuse.security:def:28693	P	Security update for gd	2020-12-01
oval:org.opensuse.security:def:31551	P	Security update for shim	2020-12-01
oval:org.opensuse.security:def:25553	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:28545	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:33419	P	Security update for NetworkManager-gnome	2020-12-01
oval:org.opensuse.security:def:25223	P	Security update for openssl-1_0_0 (Moderate)	2020-12-01
oval:org.opensuse.security:def:28199	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:25800	P	Security update for polkit (Moderate)	2020-12-01
oval:org.opensuse.security:def:26854	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27910	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:32376	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:26340	P	Recommended update for openjpeg (Moderate)	2020-12-01
oval:org.opensuse.security:def:32443	P	Security update for xen (Moderate)	2020-12-01
oval:org.opensuse.security:def:25831	P	Security update for flash-player (Important)	2020-12-01
oval:org.opensuse.security:def:31843	P	Security update for cairo (Moderate)	2020-12-01
oval:org.opensuse.security:def:32359	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:25068	P	Security update for ghostscript (Important)	2020-12-01
oval:org.opensuse.security:def:25481	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:25987	P	Security update for the Linux Kernel (Critical)	2020-12-01
oval:org.opensuse.security:def:30997	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:31849	P	Security update for clamav (Important)	2020-12-01
oval:org.opensuse.security:def:25841	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:28649	P	Security update for CUPS	2020-12-01
oval:org.opensuse.security:def:32625	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31540	P	Security update for samba (Moderate)	2020-12-01
oval:org.opensuse.security:def:25496	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:33380	P	Security update for compat-openssl097g (Moderate)	2020-12-01
oval:org.opensuse.security:def:25212	P	Security update for squid (Important)	2020-12-01
oval:org.opensuse.security:def:25826	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:31582	P	Security update for tar (Moderate)	2020-12-01
oval:org.opensuse.security:def:25786	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26819	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27909	P	Security update for Xen	2020-12-01
oval:org.opensuse.security:def:26301	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:31805	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31931	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:25747	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:32315	P	Security update for rsync (Moderate)	2020-12-01
oval:org.opensuse.security:def:25417	P	Security update for postgresql, postgresql96, postgresql10 and postgresql12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:31932	P	Security update for libX11 (Moderate)	2020-12-01
oval:org.opensuse.security:def:25943	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:27071	P	NetworkManager-gnome on GA media (Moderate)	2020-12-01
oval:org.mitre.oval:def:13076	P	USN-883-1 -- network-manager-applet vulnerabilities	2014-06-30
oval:org.mitre.oval:def:22956	P	ELSA-2010:0108: NetworkManager security update (Moderate)	2014-05-26
oval:org.mitre.oval:def:22081	P	RHSA-2010:0108: NetworkManager security update (Moderate)	2014-02-24
oval:org.mitre.oval:def:11315	V	NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.	2013-04-29
oval:com.redhat.rhsa:def:20100108	P	RHSA-2010:0108: NetworkManager security update (Moderate)	2010-02-16

BACK