Huzaifa Sidhpurwala | 15 Jun 2012 06:28

CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network

Hi All,

In NetworkManager, when a new wireless network was created with
WPA/WPA2 security, it created an open/insecure network.
From the commit, it seems the bug exists in the kernel.

Reference:
https://bugzilla.redhat.com/show_bug.cgi?id=782627
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655972
http://cgit.freedesktop.org/NetworkManager/NetworkManager/commi/?id=69247a00eacd00617acbf1dfcee8497437b8ad39

The patch disables WPA adhoc networks completely until a better
solution is found.

Can a CVE id please be assigned to this issue?

-- 
Huzaifa Sidhpurwala / Red Hat Security Response Team

Kurt Seifried | 15 Jun 2012 06:52

Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network


On 06/14/2012 10:28 PM, Huzaifa Sidhpurwala wrote:
> Hi All,
> 
> In NetworkManager, when a new wireless network was created with 
> WPA/WPA2 security, it created an open/insecure network. From the
> commit, it seems the bug exists in the kernel.
> 
> Reference: https://bugzilla.redhat.com/show_bug.cgi?id=782627 
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655972 
> http://cgit.freedesktop.org/NetworkManager/NetworkManager/commi/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
>
> The patch disables WPA adhoc networks completely until a better
> solution is found.
> 
> Can a CVE id please be assigned to this issue?

Please use CVE-2012-2736 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Yves-Alexis Perez | 15 Jun 2012 07:43

Re: CVE Request: NetworkManager creates an open network when asked to create an adhoc-WPA network

On jeu., 2012-06-14 at 22:52 -0600, Kurt Seifried wrote:
> On 06/14/2012 10:28 PM, Huzaifa Sidhpurwala wrote:
> > Hi All,
> > 
> > In NetworkManager, when a new wireless network was created with 
> > WPA/WPA2 security, it created an open/insecure network. From the
> > commit, it seems the bug exists in the kernel.
> > 
> > Reference: https://bugzilla.redhat.com/show_bug.cgi?id=782627 
> > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655972 
> > http://cgit.freedesktop.org/NetworkManager/NetworkManager/commi/?id=69247a00eacd00617acbf1dfcee8497437b8ad39
> >
> > The patch disables WPA adhoc networks completely until a better
> > solution is found.
> > 
> > Can a CVE id please be assigned to this issue?
> 
> Please use CVE-2012-2736 for this issue.
> 
> 

And shouldn't something be done on the kernel part? I'm not sure how
it behaves but if it silently creates an open ad-hoc connection while it
was requested a WPA one by the application, that looks like something
warranting a CVE too.

Regards,
-- 
Yves-Alexis