oss-sec mailing list archives
Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network
From: Yves-Alexis Perez <corsac () debian org>
Date: Fri, 15 Jun 2012 07:43:19 +0200
On jeu., 2012-06-14 at 22:52 -0600, Kurt Seifried wrote:
On 06/14/2012 10:28 PM, Huzaifa Sidhpurwala wrote:Hi All, In NetworkManager, when a new wireless network was created with WPA/WPA2 security, it created an open/insecure network. From the commit, it seems the bug exists in the kernel. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=782627 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655972 http://cgit.freedesktop.org/NetworkManager/NetworkManager/commi/?id=69247a00eacd00617acbf1dfcee8497437b8ad39 The patch disables WPA adhoc networks completely untill a better solution is found. Can a CVE id be please assigned to this issue?Please use CVE-2012-2736 for this issue.
And shouldn't something been done on the kernel part? I'm not sure how it behaves but if it silently create an open ad-hoc connection while it was requested a wpa one by the application, that looks like something warranting a CVE too. Regards, -- Yves-Alexis
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Huzaifa Sidhpurwala (Jun 14)
- Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Kurt Seifried (Jun 14)
- Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Yves-Alexis Perez (Jun 14)
- Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network Kurt Seifried (Jun 14)