Bug 769807 (CVE-2012-1096) - CVE-2012-1096 NetworkManager, wpa_supplicant: Improper x509v3 certificate and key file paths sanitization
Summary: CVE-2012-1096 NetworkManager, wpa_supplicant: Improper x509v3 certificate and...
Alias: CVE-2012-1096
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
: 799194 (view as bug list)
Depends On: 799202
Blocks: 756419
TreeView+ depends on / blocked
Reported: 2011-12-22 10:50 UTC by Jan Lieskovsky
Modified: 2023-05-12 17:02 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-06-13 16:34:01 UTC

Attachments (Terms of Use)

Description Jan Lieskovsky 2011-12-22 10:50:00 UTC
A security flaw was found in the way NetworkManager, a network connections manager, and wpa_supplicant, a WPA/WPA2/IEEE 802.1X supplicant, performed system file paths sanitization for x509v3 certificate and private key files, used for connection to trusted networks. A local attacker, with the privilege to add new network connection, could use this flaw to read arbitrary system files.

Comment 3 Jan Lieskovsky 2011-12-22 11:00:05 UTC

Red Hat would like to thank Ludwig Nussel of the SUSE security team for reporting this issue.

Comment 4 Jan Lieskovsky 2012-03-01 16:56:54 UTC
Public via:
[1] http://www.openwall.com/lists/oss-security/2012/02/29/2

Comment 5 Jan Lieskovsky 2012-03-02 08:38:37 UTC
Created NetworkManager tracking bugs for this issue

Affects: fedora-all [bug 799202]

Comment 6 Jan Lieskovsky 2012-03-02 08:42:11 UTC
*** Bug 799194 has been marked as a duplicate of this bug. ***

Comment 10 Josh Bressers 2014-06-13 16:34:01 UTC
We expect this to be fixed upstream in a future release.

Note You need to log in before you can comment on or make changes to this bug.