Bug 410987 (CVE-2012-1096)

Summary:	net-misc/networkmanager: Arbitrary file read as root (CVE-2012-1096)
Product:	Gentoo Security	Reporter:	Tim Sammut (RETIRED) <underling>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED NEEDINFO
Severity:	minor	CC:	dagger, gnome, leho, nirbheek, qiaomuf, tetromino
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://bugzilla.redhat.com/show_bug.cgi?id=769807
Whiteboard:	B4 [upstream]
Package list:		Runtime testing required:	---

Description Tim Sammut (RETIRED) gentoo-dev

2012-04-06 03:56:11 UTC

From the Red Hat bug at $URL:

A security flaw was found in the way NetworkManager, a network connections
manager, and wpa_supplicant, a WPA/WPA2/IEEE 802.1X supplicant, performed
system file paths sanitization for x509v3 certificate and private key files,
used for connection to trusted networks. A local attacker, with the privilege
to add new network connection, could use this flaw to read arbitrary system
files.

Red Hat would like to thank Ludwig Nussel of the SUSE security team for
reporting this issue.

Comment 1 Alexandre Rostovtsev (RETIRED) gentoo-dev

2012-04-06 04:14:35 UTC

Is there a patch for this issue somewhere? (I don't see anything immediately obvious in NetworkManager git.)

Comment 2 Tim Sammut (RETIRED) gentoo-dev

2012-04-06 04:31:44 UTC

(In reply to comment #1)
> Is there a patch for this issue somewhere? (I don't see anything immediately
> obvious in NetworkManager git.)

I do not see one anywhere. There is a private Red Hat bug linked, https://bugzilla.redhat.com/show_bug.cgi?id=756419, but I do not what it contains.

Comment 3 Leho Kraav (:macmaN @lkraav) 2016-06-29 18:18:58 UTC

Is this bug safe to deadpool? 4 years old.

Comment 4 Yury German Gentoo Infrastructure

2017-06-14 02:29:41 UTC

4 year old bug, since that time, a number of releases. 
I will consider this dead unless someone has the specifics. 

closing!