CVE-2006-7246 - OpenCVE

NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.

Attack Vector Adjacent Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:A/AC:H/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gnome	Networkmanager
Suse	Linux Enterprise Desktop Linux Enterprise Server
Opensuse	Opensuse

Configuration 1 [-]

cpe:2.3:a:gnome:networkmanager:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*

Configuration 3 [-]

OR	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::

References

Link	Resource
http://www.openwall.com/lists/oss-security/2010/04/22/2	Mailing List Third Party Advisory
https://bugzilla.gnome.org/show_bug.cgi?id=341323	Exploit Issue Tracking Patch Vendor Advisory
https://bugzilla.novell.com/show_bug.cgi?id=574266	Exploit Issue Tracking Patch
https://lwn.net/Articles/468868/	Exploit Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-01-27T14:56:49

Updated: 2020-01-27T14:56:49

Reserved: 2011-10-18T00:00:00

Link: CVE-2006-7246

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-01-27T15:15:10.807

Modified: 2020-01-31T15:53:27.317

Link: CVE-2006-7246

JSON object: View

Redhat Information

No data.

CWE

CWE-295

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-05-10T00:00:00", "descriptions": [{"lang": "en", "value": "NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-27T14:56:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=341323"}, {"tags": ["x_refsource_MISC"], "url": "http://www.openwall.com/lists/oss-security/2010/04/22/2"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=574266"}, {"tags": ["x_refsource_MISC"], "url": "https://lwn.net/Articles/468868/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-7246", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.gnome.org/show_bug.cgi?id=341323", "refsource": "MISC", "url": "https://bugzilla.gnome.org/show_bug.cgi?id=341323"}, {"name": "http://www.openwall.com/lists/oss-security/2010/04/22/2", "refsource": "MISC", "url": "http://www.openwall.com/lists/oss-security/2010/04/22/2"}, {"name": "https://bugzilla.novell.com/show_bug.cgi?id=574266", "refsource": "MISC", "url": "https://bugzilla.novell.com/show_bug.cgi?id=574266"}, {"name": "https://lwn.net/Articles/468868/", "refsource": "MISC", "url": "https://lwn.net/Articles/468868/"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-7246", "datePublished": "2020-01-27T14:56:49", "dateReserved": "2011-10-18T00:00:00", "dateUpdated": "2020-01-27T14:56:49", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnome:networkmanager:*:*:*:*:*:*:*:*", "matchCriteriaId": "92EC70BD-974C-4C03-9E46-71452D7F4060", "versionEndIncluding": "0.9.9.98", "versionStartIncluding": "0.9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "5646FDE9-CF21-46A9-B89D-F5BBDB4249AF", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*", "matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "60FBDD82-691C-4D9D-B71B-F9AFF6931B53", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used."}, {"lang": "es", "value": "NetworkManager versiones 0.9.x, no fija un asunto del certificado en un ESSID cuando es usada la autenticaci\u00f3n 802.11X."}], "id": "CVE-2006-7246", "lastModified": "2020-01-31T15:53:27.317", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.2, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.2, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T15:15:10.807", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2010/04/22/2"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://bugzilla.gnome.org/show_bug.cgi?id=341323"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Patch"], "url": "https://bugzilla.novell.com/show_bug.cgi?id=574266"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://lwn.net/Articles/468868/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}]}