openSUSE Security Update : NetworkManager (openSUSE-SU-2011:1273-1)

Low Nessus Plugin ID 75683


The remote openSUSE host is missing a security update.


NetworkManager did not pin a certificate's subject to an ESSID. A rogue access point could therefore be used to conduct MITM attacks by using any other valid certificate issued by same CA as used in the original network (CVE-2006-7246).

Please note that existing WPA2 Enterprise connections need to be deleted and re-created to take advantage of the new security checks.

NetworkManager did not honor the PolicyKit auth_admin setting when creating Ad-Hoc wireless networks (CVE-2011-2176)


Update the affected NetworkManager packages.

See Also

Plugin Details

Severity: Low

ID: 75683

File Name: suse_11_3_NetworkManager-111104.nasl

Version: $Revision: 1.1 $

Type: local

Agent: unix

Published: 2014/06/13

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:NetworkManager, p-cpe:/a:novell:opensuse:NetworkManager-devel, p-cpe:/a:novell:opensuse:NetworkManager-glib, p-cpe:/a:novell:opensuse:NetworkManager-gnome, p-cpe:/a:novell:opensuse:wpa_supplicant, p-cpe:/a:novell:opensuse:wpa_supplicant-gui, cpe:/o:novell:opensuse:11.3

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2011/11/04

Reference Information

CVE: CVE-2006-7246, CVE-2011-2176

OSVDB: 73318, 77301