Bug 911126 (CVE-2013-4218)
| Summary: | CVE-2013-4218 wimax: Supplicant agent ships RSA private key in the package | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Florian Weimer <fweimer> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED EOL | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | dcbw, jlieskov, jrusnack, rkhan |
| Target Milestone: | --- | Keywords: | Reopened, Security |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-02-17 16:48:37 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 995160 | ||
| Bug Blocks: | 909233 | ||
|
Description
Florian Weimer
2013-02-14 12:46:18 UTC
A security flaw was found in the way supplicant agent of WiMAX, an user space daemon for the Intel 2400m Wireless WiMAX link, used to manage its private key (private key was shipped together with the source code). A local attacker could use this flaw to obtain security sensitive data or, to conduct actions on behalf of private key owner. Acknowledgements: This issue was found by Florian Weimer of Red Hat Product Security Team. Created wimax tracking bugs for this issue: Affects: fedora-all [bug 995160] The CVE identifier of CVE-2013-4218 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2013/08/08/17 Only Fedora 19 shipped the wimax packages, and it is now EOL. |