openSUSE Security Update : NetworkManager-gnome / NetworkManager / wpa_supplicant / etc (openSUSE-2011-15)
High Nessus Plugin ID 74520
SynopsisThe remote openSUSE host is missing a security update.
DescriptionNetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246).
Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks.
SolutionUpdate the affected NetworkManager-gnome / NetworkManager / wpa_supplicant / etc packages.