NetworkManager-0.7.0-9.2.AXS3
エラータID: AXSA:2010-124:01
リリース日:
2010/02/23 Tuesday - 20:38
題名:
NetworkManager-0.7.0-9.2.AXS3
影響のあるチャネル:
Asianux Server 3 for x86
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- NetworkManager は接続を試みる際に WPA Enterprise あるいは 802.1x ネットワーク
のための認証局の証明書ファイルの存在の裏付けをしておらず、無線ネットワークのIDを偽ることよってリモートの攻撃者が機密情報を得たりサービス拒否 (接続の中断) を引き起こす脆弱性があります。(CVE-2009-4144)
- NetworkManager の nm-connection-editor は、コネクションエディタ GUI の操作により D-Bus上でコネクションオブジェクトをエクスポートする問題が存在し、D-Bus シグナルを読み出すことによってローカルのユーザが機密情報を得る脆弱性があります。(CVE-2009-4145)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2009-4144
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.
CVE-2009-4145
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor to discover the password for the WiFi network.
追加情報:
N/A
ダウンロード:
SRPMS
- NetworkManager-0.7.0-9.2.AXS3.src.rpm
MD5: d6ff4927dce0ece24257c517e657d3e3
SHA-256: defb243752d9936439ffb4309eee27d113a7bd6c2bbf27a6c117b387f6a38c24
Size: 3.02 MB
Asianux Server 3 for x86
- NetworkManager-glib-0.7.0-9.2.AXS3.i386.rpm
MD5: ff588c7dd38049f55151fb58a6ed5547
SHA-256: 3d850344f72f48c5a4441660379f588849bbade2a3b62fe88e2c478c7d682d9d
Size: 153.21 kB
Asianux Server 3 for x86_64
- NetworkManager-glib-0.7.0-9.2.AXS3.x86_64.rpm
MD5: fe3820d8974c2df9d71dd828d5899978
SHA-256: d4eb59fe53305b49b7c7bcb9eddc09ef1328126f0851b3e85cb21e5acf8a7615
Size: 155.69 kB