Scientific Linux Security Update : NetworkManager on SL5.x i386/x86_64

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

The remote Scientific Linux host is missing one or more security

Description :

CVE-2009-4145 NetworkManager: information disclosure by

CVE-2009-4144 NetworkManager: WPA enterprise network not verified when
certificate is removed

A missing network certificate verification flaw was found in
NetworkManager. If a user created a WPA Enterprise or 802.1x wireless
network connection that was verified using a Certificate Authority
(CA) certificate, and then later removed that CA certificate file,
NetworkManager failed to verify the identity of the network on the
following connection attempts. In these situations, a malicious
wireless network spoofing the original network could trick a user into
disclosing authentication credentials or communicating over an
untrusted network. (CVE-2009-4144)

An information disclosure flaw was found in NetworkManager's
nm-connection-editor D-Bus interface. If a user edited network
connection options using nm-connection-editor, a summary of those
changes was broadcast over the D-Bus message bus, possibly
disclosing sensitive information (such as wireless network
authentication credentials) to other local users. (CVE-2009-4145)

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.8

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 60734

CVE ID: CVE-2009-4144
