[Pkg-utopia-maintainers] Bug#717158: network-manager: ignores settings from dhclient.conf and requests insecure properties
Christoph Anton Mitterer
calestyo at scientia.net
Wed Jul 17 12:54:04 UTC 2013
Package: network-manager
Version: 0.9.8.0-5
Severity: important
Tags: security
Hi.
NM aparently thinks it's smarter and ignores any settings from dhclient.conf.
This leads to security problems, if one e.g. intentionally told dhcp
to ignore properties like the dns-search path, which may be used by a hostile
dhcp server to trick you into wrong domains.
Chris.
-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.9-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_DE.UTF-8, LC_CTYPE=en_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages network-manager depends on:
ii adduser 3.113+nmu3
ii dbus 1.6.12-1
ii isc-dhcp-client 4.2.4-7
ii libc6 2.17-7
ii libdbus-1-3 1.6.12-1
ii libdbus-glib-1-2 0.100.2-1
ii libgcrypt11 1.5.2-3
ii libglib2.0-0 2.36.3-3
ii libgnutls26 2.12.23-5
ii libgudev-1.0-0 175-7.2
ii libnl-3-200 3.2.21-1
ii libnl-genl-3-200 3.2.21-1
ii libnl-route-3-200 3.2.21-1
ii libnm-glib4 0.9.8.0-5
ii libnm-util2 0.9.8.0-5
ii libpolkit-gobject-1-0 0.105-3
ii libuuid1 2.20.1-5.5
ii lsb-base 4.1+Debian12
ii udev 175-7.2
ii wpasupplicant 1.0-3+b2
Versions of packages network-manager recommends:
ii crda 1.1.2-1
ii dnsmasq-base 2.66-3
ii iptables 1.4.18-1.1
pn modemmanager <none>
ii policykit-1 0.105-3
ii ppp 2.4.5-5.2
Versions of packages network-manager suggests:
pn avahi-autoipd <none>
-- Configuration Files:
/etc/NetworkManager/NetworkManager.conf changed:
[main]
plugins=ifupdown,keyfile
[ifupdown]
managed=true
/etc/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla [Errno 13] Permission denied: u'/etc/polkit-1/localauthority/10-vendor.d/org.freedesktop.NetworkManager.pkla'
-- no debconf information
More information about the Pkg-utopia-maintainers
mailing list