[Sec-cert] [Fedora] Schwachstellen im NetworkManager bis einschliesslich Version 0.7.2 - FEDORA-2009-13642

WiN Site Security Contacts win-sec-ssc at lists.dfn-cert.de
Mo Jan 4 16:40:41 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgendes Fedora Security Advisory. Wir geben
diese Informationen unveraendert an Sie weiter.

CVE-2009-4145 - Preisgabe von Informationen durch in
nm-connection-editor

  Das Programm nm-connection-editor des NetworkManager pflegt die
  Informationen ueber Netzwerkverbindungen in sog. "Connection Objects".
  Diese Objekte werden an den D-Bus exportiert, wo sie von anderen
  Programmen ausgelesen werden koennen. Ein lokaler Angreifer kann diese
  Schwachstelle dazu ausnutzen, vertrauliche Informationen, z.B. WLAN
  Keys/Passphrasen, auszulesen.

CVE-2009-4144 - Fehlende Zertifkatspruefung in NetworkManager

  NetworkManager ueberprueft nur bei der ersten Verbindung zu einem mit
  WPA Enterprise oder 802.1x gesicherten Netzwerk, ob die Datei mit dem
  X.509 Zertifikat im System auch vorhanden ist. Bei weiteren
  Verbindungsaufbauten wird das Zertifikat trotz fehlender Datei als
  gueltig erkannt. Ein entfernter Angreifer kann diese Schwachstelle
  ausnutzen, indem er einen Access Point mit ungueltigem Zertifikat
  aufbaut und anschliessend den Datenverkehr zwischem dem System des
  Opfers und seinem Access Point abhoert und so an evtl. vertrauliche
  Daten gelangt.

Betroffen sind die folgenden Software Pakete und Plattformen:

  Paket NetworkManager

  Fedora 11

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

Hersteller Advisory:
  https://www.redhat.com/archives/fedora-package-announce/2010-January/msg00122.html


(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
		Klaus Moeller, DFN-CERT

- -- 
Dipl. Inform. Klaus Moeller (Incident Response Team)
Phone: +49 40 808077-555, Fax: +49 40 808077-556

DFN-CERT Services GmbH, https://www.dfn-cert.de,  Phone  +49 40 808077-555
Sitz / Register: Hamburg, AG Hamburg, HRB 88805,  Ust-IdNr.:  DE 232129737
Sachsenstrase 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

17. DFN Workshop    "Sicherheit in vernetzten Systemen"    09./10.02.2010
Informationen unter https://www.dfn-cert.de/veranstaltungen/workshop.html

- --------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2009-13642
2009-12-24 20:17:18
- --------------------------------------------------------------------------------

Name        : NetworkManager
Product     : Fedora 11
Version     : 0.7.2
Release     : 2.git20091223.fc11
URL         : http://www.gnome.org/projects/NetworkManager/
Summary     : Network connection manager and user applications
Description :
NetworkManager attempts to keep an active network connection available at all
times.  It is intended only for the desktop use-case, and is not intended for
usage on servers.   The point of NetworkManager is to make networking
configuration and setup as painless and automatic as possible.  If using DHCP,
NetworkManager is _intended_ to replace default routes, obtain IP addresses
from a DHCP server, and change nameservers whenever it sees fit.

- --------------------------------------------------------------------------------
Update Information:

This update corrects two security issues, as well as fixes for various mobile
broadband devices and Fedora system network configuration handling.
- --------------------------------------------------------------------------------
ChangeLog:

* Wed Dec 23 2009 Dan Williams <dcbw at redhat.com> - 0.7.2-2.git20091223
- - nm: allow more connect time for 'hso' mobile broadband devices (rh #514827)
- - nm: fix reconnections on some Option 'hso' devices
- - nm: add support for more ZTE mobile broadband devices
- - ifcfg-rh: treat MODE=AUTO as infrastructure mode
- - ifcfg-rh: warn when device will be managed due to missing HWADDR (rh #545003)
- - ifcfg-rh: add support for reading and writing routes files (rh #507307)
- - applet: fix potential leakage of secrets onto the system bus (rh #546115) (CVE-2009-4145)
- - applet: fix possible connections to spoofed WPA Enterprise networks (rh #546793) (CVE-2009-4144)
- - applet: add "Disable Notifications" option
- - applet: fix blank notification with certain characters
* Mon Nov 23 2009 Dan Williams <dcbw at redhat.com> - 0.7.2
- - nm: fix VPN crash with NULL secrets (rh #532084)
- - nm: validate pidfile and quit early if NM is already running (rh #517362)
- - nm: preserve WiFi and Networking Enabled states across reboot
- - nm: handle PEM certificates without an ending newline (rh #507315)
- - ifcfg-rh: handle never-default (rh #528281)
- - ifcfg-rh: ignore .rpmnew files (rh #509621)
- - applet: alert when private keys are not password protected
- - applet: fix system connection selection from the "Connect to hidden..." dialog
- - applet: don't die when auto connections can't be created (rh #532680)
- - applet: add GConf key to allow sysadmins to disable Ad-Hoc wifi network creation
* Fri Oct 30 2009 Dan Williams <dcbw at redhat.com> - 0.7.1.998-1
- - nm: fix checking for TTLS phase2 secrets
- - nm: fix UUID validation regression (rh #530611)
- - ifcfg-rh: fix writing LEAP connections
- - applet: fix disabled Connect button for EAP-TLS (rh #469059)
- - applet: add a "My country is not listed" option to the mobile wizard (rh #530981)
* Thu Oct 15 2009 Dan Williams <dcbw at redhat.com> - 0.7.1.997-1
- - nm: add support for PEAP-GTC (rh #451027)
- - nm: ensure VPN secrets aren't re-used when they shouldn't be
- - nm: fix race causing erroneous ethernet carrier change events
- - nm: fixes for ZTE, Onda, and Sierra modem detection and operation
- - nm: enhanced support for Ericsson 'mbm' modems
- - nm: enhanced support for AT&T Quicksilver and Option iCON 505
- - nm: work around PPP bug returning bogus nameservers
- - editor: fix editing system-wide VPN connections
- - applet: PEAP, TTLS, and wired 802.1x fixes
- - applet: install GConf schemas
- - applet: fix default focus for passphrase dialogs
- - applet: translation updates
* Thu Jul  9 2009 Dan Williams <dcbw at redhat.com> - 0.7.1-8.git20090708
- - applet: fix crash on error claiming D-Bus service (rh #519408)
* Thu Jul  9 2009 Dan Williams <dcbw at redhat.com> - 0.7.1-8.git20090708
- - applet: fix certificate validation in hidden wifi networks dialog (rh #508207)
* Wed Jul  8 2009 Dan Williams <dcbw at redhat.com> - 0.7.1-7.git20090708
- - nm: fixes for ZTE/Onda modem detection
- - nm: prevent re-opening serial port when the SIM has a PIN
- - applet: updated translations
- - editor: show list column headers
* Thu Jun 25 2009 Dan Williams <dcbw at redhat.com> - 0.7.1-6.git20090617
- - nm: fix serial port settings
* Wed Jun 17 2009 Dan Williams <dcbw at redhat.com> - 0.7.1-5.git20090617
- - nm: fix AT&T Quicksilver modem connections (rh #502002)
- - nm: fix support for s390 bus types (rh #496820)
- - nm: fix detection of some CMOtech modems
- - nm: handle unsolicited wifi scans better
- - nm: resolv.conf fixes when using DHCP and overriding search domains
- - nm: handle WEP and WPA passphrases (rh #441070)
- - nm: fix removal of old APs when none are scanned
- - nm: fix Huawei EC121 and EC168C detection and handling (rh #496426)
- - applet: save WEP and WPA passphrases instead of hashed keys (rh #441070)
- - applet: fix broken notification bubble actions
- - applet: default to WEP encryption for Ad-Hoc network creation
- - applet: fix crash when connection editor dialogs are canceled
- - applet: add a mobile broadband provider wizard
* Tue May 19 2009 Karsten Hopp <karsten at redhat.com> 0.7.1-4.git20090414.1
- - drop ExcludeArch s390 s390x, we need at least the header files
- --------------------------------------------------------------------------------
References:

  [ 1 ] Bug #546117 - CVE-2009-4145 NetworkManager: information disclosure by nm-connection-editor
        https://bugzilla.redhat.com/show_bug.cgi?id=546117
  [ 2 ] Bug #546795 - CVE-2009-4144 NetworkManager: WPA enterprise network not verified when certificate is removed
        https://bugzilla.redhat.com/show_bug.cgi?id=546795
- --------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update NetworkManager' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
- --------------------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFLQgv5k0kIxZMiiQ8RAkVgAJ9ce3iv39m5Ab8bmyyho5ri7Yag3ACePi9Z
cwNhqCQqw4AqVopgErNK/bM=
=HS4m
-----END PGP SIGNATURE-----



Mehr Informationen über die Mailingliste Sec-cert