A security vulnerability has been identified in the NetworkManager software package. A local attacker can exploit it to set up an insecure Ad-Hoc wireless network.
Package:
NetworkManager 0.x
Operating systems:
Fedora 14
Severity:
5.5
Problem:
error in a software component
Exploitation:
local
Impact:
unauthorized system access
Solution:
vendor patch
CVE:
CVE-2011-2176
Original advisory ID:
FEDORA-2011-8612
Source:
Fedora
Problem:
The vulnerability results from improper application of the "auth_admin" setting.
Impact:
It allows an attacker to set up an insecure Ad-Hoc wireless network.
Solution:
Users are advised to apply the appropriate security patches.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-8612
2011-06-24 02:46:23
--------------------------------------------------------------------------------
Name : NetworkManager
Product : Fedora 14
Version : 0.8.4
Release : 2.git20110622.fc14
URL : http://www.gnome.org/projects/NetworkManager/
Summary : Network connection manager and user applications
Description :
NetworkManager is a system network service that manages your network devices
and connections, attempting to keep active network connectivity when available.
It manages ethernet, WiFi, mobile broadband (WWAN), and PPPoE devices, and
provides VPN integration with a variety of different VPN services.
--------------------------------------------------------------------------------
Update Information:
This update fixes the security issue for creating shared WiFi networks.
It's been tracked by #709662 - CVE-2011-2176.
Before this update, NetworkManager didn't respect PolicyKit policies for
creating shared WiFi networks: actions
org.freedesktop.network-manager-settings.system.wifi.share.open
and org.freedesktop.network-manager-settings.system.wifi.share.protected in
/usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy
file.
Thus, users could create shared WiFi networks even if it was disabled via the
PolicyKit setting.
This update fixes this issue. Be aware that the default policies still allow
creating shared WiFi networks. You should modify
<allow_active>yes</allow_active> to <allow_active>auth_admin</allow_active>
if you require authorization with root password, or to
<allow_active>no</allow_active> to disallow creating the networks altogether
through the above PolicyKit actions.
In addition, this update fixes other bugs by updating NetworkManager to git
snapshot as of 2011-06-22.
- core: fix up checks for s390 CTC device type (bgo #649025)
- core: recognize platform 'gadget' devices
- core: only send hostname without domain as host-name option (rh #694758)
- core: clear 'invalid' connection tag when cable is re-plugged
- core: fix crash requesting system VPN secrets (bgo #651710)
- core: add MAC address blacklisting feature for WiFi and ethernet connections
- core: allow _ as a valid character for GSM APNs
- wifi: always fix up Ad-Hoc frequency when connecting (rh #699203)
- keyfile: better handle cert/key files that don't exist (bgo #649807)
- keyfile: ignore .pem and .der file changes
- editor: improve usability for entering manual IP addresses and routes (rh
#698199) (bgo #607678)
- editor: don't crash in edit_done_cb() when connection is invalid (rh #704848)
- editor: don't allow inserting 0.0.0.0 as destination and netmask for IPv4
routes
- editor: allow _ as a valid character for GSM APNs
- applet: ensure entries activate default button if Enter is pressed (rh
#622487)
- applet: add gsm registration status notification
- applet: filter APN entry characters in mobile-wizard
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jun 22 2011 JiĹ?Ä
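
The PolicyKit change described under Update Information, as an added example that is not part of the Fedora notification or NetworkManager's own code: a Python check that reads a polkit .policy document and reports the allow_active default for the two WiFi sharing actions. The embedded policy is a constructed sample, and audit_share_policy is a name chosen for this example.

```python
import xml.etree.ElementTree as ET

# The two PolicyKit actions named in the Fedora update text.
SHARE_ACTIONS = (
    "org.freedesktop.network-manager-settings.system.wifi.share.open",
    "org.freedesktop.network-manager-settings.system.wifi.share.protected",
)

# Constructed sample in the polkit .policy layout (not copied from a real file).
SAMPLE_POLICY = """<policyconfig>
  <action id="org.freedesktop.network-manager-settings.system.wifi.share.open">
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>yes</allow_active>
    </defaults>
  </action>
  <action id="org.freedesktop.network-manager-settings.system.wifi.share.protected">
    <defaults>
      <allow_inactive>no</allow_inactive>
      <allow_active>auth_admin</allow_active>
    </defaults>
  </action>
</policyconfig>
"""

def audit_share_policy(policy_xml):
    """Return {action_id: (allow_active, verdict)} for the WiFi sharing actions."""
    root = ET.fromstring(policy_xml)
    found = {a.get("id"): a for a in root.iter("action")}
    report = {}
    for action_id in SHARE_ACTIONS:
        action = found.get(action_id)
        if action is None:
            report[action_id] = (None, "missing")
            continue
        value = (action.findtext("defaults/allow_active") or "").strip()
        verdicts = {"yes": "unrestricted", "no": "disabled", "": "unset"}
        if value.startswith("auth_"):
            verdict = "requires authentication"
        else:
            verdict = verdicts.get(value, "unrecognized")
        report[action_id] = (value or None, verdict)
    return report

if __name__ == "__main__":
    for action_id, (value, verdict) in audit_share_policy(SAMPLE_POLICY).items():
        print(f"{action_id}: allow_active={value} -> {verdict}")
```

To check a real system, pass the contents of /usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy; the function reads only the shipped defaults, which local polkit authorization rules can override.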