[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE Request: NetworkManager creates an open network when asked to create an adhoc
From:       Yves-Alexis Perez <corsac () debian ! org>
Date:       2012-06-15 5:43:19
Message-ID: 1339738999.10233.23.camel () scapa
[Download RAW message or body]


On jeu., 2012-06-14 at 22:52 -0600, Kurt Seifried wrote:
> On 06/14/2012 10:28 PM, Huzaifa Sidhpurwala wrote:
> > Hi All,
> > 
> > In NetworkManager, when a new wireless network was created with 
> > WPA/WPA2 security, it created an open/insecure network. From the
> > commit, it seems the bug exists in the kernel.
> > 
> > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=782627 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655972 
> > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commi/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
> >
> >  The patch disables WPA adhoc networks completely untill a better 
> > solution is found.
> > 
> > Can a CVE id be please assigned to this issue?
> 
> Please use CVE-2012-2736 for this issue.
> 
> 

And shouldn't something been done on the kernel part? I'm not sure how
it behaves but if it silently create an open ad-hoc connection while it
was requested a wpa one by the application, that looks like something
warranting a CVE too.

Regards,
-- 
Yves-Alexis

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]