Vigil@nce - NetworkManager: creation of WiFi network
July 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
A local attacker can use NetworkManager, in order to configure a
WiFi network with no password.
Severity: 2/4
Creation date: 23/06/2011
IMPACTED PRODUCTS
– Fedora
– Unix - plateform
DESCRIPTION OF THE VULNERABILITY
The NetworkManager software is used to configure networks.
The PolicyKit library defines access rights which are required for
privileged actions. For example, an administrator ("auth_admin")
can be allowed to enable a service ("allow_active").
Access rights to NetworkManager are defined via PolicyKit :
– org.freedesktop.NetworkManager.enable-disable-network :
enabling a network
– org.freedesktop.NetworkManager.enable-disable-wifi : enabling
and disabling WiFi
– etc.
However, the following rules are ignored:
– org.freedesktop.network-manager-settings.system.wifi.share.protected
: creation of a protected WiFi network
– org.freedesktop.network-manager-settings.system.wifi.share.open
: creation of an open WiFi network
The creation of a WiFi network is thus not forbidden by PolicyKit.
A local attacker can therefore use NetworkManager, in order to
configure a WiFi network with no password.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/NetworkManager-creation-of-WiFi-network-10770