Vulnerability Description
NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
CVSS Score
6.8
MEDIUM
CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GNOME | NetworkManager | >= 0.9.0, <= 0.9.9.98 |
| openSUSE | openSUSE | 11.3 |
| SUSE | Linux Enterprise Desktop | 11 |
| SUSE | Linux Enterprise Server | 11 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2010/04/22/2 (Mailing List, Third Party Advisory)
- https://bugzilla.gnome.org/show_bug.cgi?id=341323 (Exploit, Issue Tracking, Patch)
- https://bugzilla.novell.com/show_bug.cgi?id=574266 (Exploit, Issue Tracking, Patch)
- https://lwn.net/Articles/468868/ (Exploit, Patch, Third Party Advisory)
FAQ
What is CVE-2006-7246?
CVE-2006-7246 is a vulnerability with a CVSS score of 6.8 (MEDIUM). NetworkManager 0.9.x does not pin a certificate's subject to an ESSID when 802.11X authentication is used.
How severe is CVE-2006-7246?
CVE-2006-7246 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2006-7246?
Check the references section above for vendor advisories and patch information. Affected products include: GNOME NetworkManager, openSUSE openSUSE, SUSE Linux Enterprise Desktop, SUSE Linux Enterprise Server.