Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network

[Yves-Alexis Perez <corsac () debian org>]

On jeu., 2012-06-14 at 22:52 -0600, Kurt Seifried wrote:
> On 06/14/2012 10:28 PM, Huzaifa Sidhpurwala wrote:
> > Hi All,
> >
> > In NetworkManager, when a new wireless network was created with 
> > WPA/WPA2 security, it created an open/insecure network. From the
> > commit, it seems the bug exists in the kernel.
> >
> > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=782627 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655972 
> > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commi/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
> >
> >  The patch disables WPA adhoc networks completely untill a better 
> > solution is found.
> >
> > Can a CVE id be please assigned to this issue?
>
> Please use CVE-2012-2736 for this issue.

And shouldn't something been done on the kernel part? I'm not sure how
it behaves but if it silently create an open ad-hoc connection while it
was requested a wpa one by the application, that looks like something
warranting a CVE too.

Regards,
-- 
Yves-Alexis

Attachment: signature.asc
Description: This is a digitally signed message part