1
Candidate: CVE-2006-7246
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7246
5
http://www.suse.com/support/security/advisories/2011_45_networkmanager.html
6
http://lwn.net/Alerts/469005/
8
When 802.11X authentication is used (ie WPA Enterprise)
9
NetworkManager did not pin a certificate's subject to an ESSID. A
10
rogue access point could therefore be used to conduct MITM attacks
11
by using any other valid certificate issued by the same CA as
12
used in the original network (CVE-2006-7246). If password based
13
authentication is used (e.g. via PEAP or EAP-TTLS) this means an
14
attacker could sniff and potentially crack the password hashes of
18
mdeslaur> needs wpa_supplicant support:
19
mdeslaur> http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commit;h=00468b4650998144f794762206c695c962c54734
20
mdeslaur> also needs network-manager-gnome support
22
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2006-7246
23
https://bugzilla.novell.com/show_bug.cgi?id=574266
24
https://bugzilla.gnome.org/show_bug.cgi?id=341323
25
https://bugzilla.gnome.org/show_bug.cgi?id=621484
30
Patches_network-manager:
31
upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=ca968105daa7bb9e2fd1d64c2d2270f110f984ba
32
upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=0b8097a26a59ef0b2c0ab78f9ec3656e5681404b
33
upstream: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=4f38f02add9aa0e311f1ddb605b1aa0224ad057e
34
upstream_network-manager: needs-triage
35
hardy_network-manager: ignored (reached end-of-life)
36
lucid_network-manager: ignored (reached end-of-life)
37
natty_network-manager: ignored (reached end-of-life)
38
oneiric_network-manager: not-affected (0.9.1.90-0ubuntu5.1)
39
precise_network-manager: not-affected (0.9.4.0-0ubuntu4.1)
40
quantal_network-manager: not-affected (0.9.4.0+git201206081144.2efeac8-0ubuntu1)
41
raring_network-manager: not-affected (0.9.4.0+git201206081144.2efeac8-0ubuntu1)
42
devel_network-manager: not-affected (0.9.4.0+git201206081144.2efeac8-0ubuntu1)