Bug 709662 - (CVE-2011-2176) CVE-2011-2176 NetworkManager: Did not honour PolicyKit auth_admin action element by creation of Ad-Hoc wireless networks
CVE-2011-2176 NetworkManager: Did not honour PolicyKit auth_admin action elem...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20110608,reported=20110601,sou...
: Security
Depends On: 705806 715492 715494
Blocks: 711951
  Show dependency treegraph
 
Reported: 2011-06-01 06:28 EDT by Jan Lieskovsky
Modified: 2016-01-04 01:05 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2011-06-01 06:28:56 EDT
It was found that NetworkManager, a network devices and connections manager,
did not properly enforce the PolicyKit 'auth_admin' action element settings
(did not require authentication by an administrative user), when the
'auth_admin' element was specified in
org.freedesktop.network-manager-settings.system.wifi.share.open (connection
sharing via an open WiFi network) action. A local attacker could use this flaw
to setup an unsecure (passwordless) Ad-Hoc wireless network.
Comment 6 Huzaifa S. Sidhpurwala 2011-06-09 01:00:41 EDT
Dan, jirka,

any update on where this is going?
Comment 10 Huzaifa S. Sidhpurwala 2011-06-17 00:59:08 EDT
Jirka, Dan:

It seems that other actions in /usr/share/polkit-1/actions/org.freedesktop.network-manager-settings.system.policy does not work with the version of NM in Fedora-14 and perhaps also RHEL6.
Would this patch address those issues as well?
Comment 11 Huzaifa S. Sidhpurwala 2011-06-17 02:40:01 EDT
org.freedesktop.network-manager-settings.system.modify
org.freedesktop.network-manager-settings.system.hostname.modify

Does work.


org.freedesktop.network-manager-settings.system.wifi.share.protected
org.freedesktop.network-manager-settings.system.wifi.share.open

Does not work.

So this is really just wireless related.
Comment 12 Huzaifa S. Sidhpurwala 2011-06-17 03:25:25 EDT
I propose we get both these issues fixed, so that we can cover it in the same erratum
Comment 16 Huzaifa S. Sidhpurwala 2011-06-23 00:01:23 EDT
Created NetworkManager tracking bugs for this issue

Affects: fedora-all [bug 715492]
Comment 18 errata-xmlrpc 2011-07-12 16:11:18 EDT
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0930 https://rhn.redhat.com/errata/RHSA-2011-0930.html
Comment 19 Bin Li 2011-08-16 09:09:21 EDT
Hi guys,

 A little confused about this issue, how use this flaw to setup an unsecure (passwordless) Ad-Hoc wireless network.

 Does it affect the 0.8.2? From this source code I can't find any process for below.

org.freedesktop.network-manager-settings.system.wifi.share.protected
org.freedesktop.network-manager-settings.system.wifi.share.open

 Thanks!

Note You need to log in before you can comment on or make changes to this bug.