CVE-2009-4144

Description

NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers to obtain sensitive information or cause a denial of service (connectivity disruption) by spoofing the identity of a wireless network.

How to fix CVE-2009-4144

To remediate CVE-2009-4144, upgrade the affected package to a fixed version below.

• Debian/network-manager-applet—upgrade to 0.7.2-2 or later

Is CVE-2009-4144 being exploited?

Low — EPSS is 1.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 0.7.2-2

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2009-4144