[Pkg-utopia-maintainers] Bug#560067: Bug#560067: network-manager-gnome: nm connects to WPA2 with certificate after .pem file was delated
Michael Biebl
biebl at debian.org
Wed Dec 9 19:14:26 UTC 2009
severity 560067 important
thanks
Witold Baryluk wrote:
> Package: network-manager-gnome
> Version: 0.7.2-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> After configuring WPA2 Enterprise with TTLS and PAP, I was using certificate file
> in /etc/ssl/certs/...pem (autmatically imported from /usr/local/share/ca-certificates/domain/certrootfile.crt)
>
>
> Then i reinstalled system, and not configured certifcates yet.
>
> After reinstalling system and restoring /home directory, i logged into my new stystem.
>
> After giving password to gnome-keyring NM automatically connected to my network,
> even cosindering that it is not existing:
>
> ** (nm-applet:6704): WARNING **: utils_fill_connection_certs: couldn't read CA certificate: 4 Nie można otworzyć pliku "/etc/ssl/certs/SMP_Root_Certification_Authority_2.pem": Nie ma takiego pliku ani katalogu
>
>
>
> But NM thinks that it should connect anyway. And it connects,
> possibly leaking my credentials, login and password, and all
> keys, and of course network traffic.
>
>
> It should be considerebly more verbose error provided to an user (using nm-applet),
> and NM should abort connecting.
I agree it is a security issue, but imho not such a severe one that severity
grave is justified, especially as it only happens under very particular
circumstances (thus downgrading to important).
This bug is supposedly fixed in the upcoming 0.8 release. If you want to try, I
have preliminary packages at [1] and I would be interested if this packages
behave better.
Cheers,
Michael
[1] http://debs.michaelbiebl.de/network-manager/
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20091209/f4e6d535/attachment.pgp>
More information about the Pkg-utopia-maintainers
mailing list