wpa_supplicant Remote Code Execution Vulnerability

Last Update Date: 24 Apr 2015 10:09

Release Date: 24 Apr 2015

RISK: Medium Risk

TYPE: Servers - Network Management

 A vulnerability has been identified in wpa_supplicant. A remote user can cause denial of service conditions, obtain potentially sensitive information, or potentially execute arbitrary code on the target system.

 

A remote user on the wireless network can send specially crafted SSID data to trigger a buffer overflow and potentially execute arbitrary code on the target system.

 


Impact

  • Denial of Service
  • Remote Code Execution
  • Information Disclosure

System / Technologies affected

  • wpa_supplicant versions 1.0 - 2.4, when built with the CONFIG_P2P build option enabled

 


Solutions

Before installing the software, please visit the software manufacturer's website for more details.

 

The vendor has issued a patch, available at:

http://w1.fi/security/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch

The fix will be included in version 2.5.
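
The class of check the patch title describes (validate the SSID element length before copying it) can be illustrated with the following added example. It is not wpa_supplicant code and not the vendor's patch; `peer_entry`, `peer_set_ssid` and `demo_parse` are hypothetical names, and the sample elements are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WLAN_EID_SSID 0   /* element ID of the SSID element */
#define SSID_MAX_LEN  32  /* an 802.11 SSID is at most 32 octets */

struct peer_entry {               /* hypothetical peer record */
    uint8_t ssid[SSID_MAX_LEN];
    size_t  ssid_len;
};

/* Copy the SSID out of a raw element (ID octet, length octet, payload).
 * Returns 0 on success, -1 if the element is malformed or oversized. */
int peer_set_ssid(struct peer_entry *peer, const uint8_t *ie, size_t ie_len)
{
    size_t len;
    if (ie_len < 2 || ie[0] != WLAN_EID_SSID)
        return -1;
    len = ie[1];                  /* sender-controlled, 0..255 */
    if (len > ie_len - 2)         /* claims more data than was received */
        return -1;
    if (len > SSID_MAX_LEN)       /* would write past peer->ssid */
        return -1;
    /* Without the checks above, this copy trusts ie[1] (up to 255). */
    memcpy(peer->ssid, ie + 2, len);
    peer->ssid_len = len;
    return 0;
}

/* Build a constructed element and return the stored length, or -1. */
int demo_parse(uint8_t claimed_len, uint8_t payload_len)
{
    uint8_t frame[2 + 255];
    struct peer_entry peer;
    memset(&peer, 0, sizeof(peer));
    frame[0] = WLAN_EID_SSID;
    frame[1] = claimed_len;
    memset(frame + 2, 'A', payload_len);
    if (peer_set_ssid(&peer, frame, 2 + (size_t)payload_len) != 0)
        return -1;
    return (int)peer.ssid_len;
}

int main(void)
{
    printf("len 32 -> %d, len 33 -> %d\n", demo_parse(32, 32), demo_parse(33, 33));
    return 0;
}
```

The length octet is checked against both the bytes actually received and the size of the destination field, so a truncated element and an oversized one are each rejected before any copy takes place.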

 


Vulnerability Identifier


Source


Related Link