SecurityTracker.com

SecurityTracker
Archives
Category:  Application (Generic) > wpa_supplicant
Vendors:  Malinen, Jouni et al
wpa_supplicant Input Validation Flaw in 'hostapd_cli' Lets Remote Wireless Users Execute Arbitrary Commands
SecurityTracker Alert ID:  1031294
SecurityTracker URL:  http://securitytracker.com/id/1031294
CVE Reference:  CVE-2014-3686
Date:  Dec 3 2014
Impact:   Execution of arbitrary code via network, Root access via network, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   A vulnerability was reported in wpa_supplicant and hostapd. A remote user on the local wireless network can execute arbitrary commands on the target system.

The wpa_cli and hostapd_cli control-interface utilities do not properly validate event data before passing it to an action script. When either utility is started with an action script ('-a' command line parameter) in an affected build combination, it builds a shell command line that embeds strings received over the air (for example a P2P device name, a WNM BSS transition management URL, a Hotspot 2.0 OSU parameter, or a WPS device attribute) and hands that command line to the shell via system(). A remote user on the local wireless network can therefore send specially crafted frames containing shell metacharacters to execute arbitrary operating system commands on the target system. The commands run with the privileges of the wpa_cli or hostapd_cli process, which is commonly root.

The following build combinations are affected:

wpa_supplicant v1.0-v2.2 with CONFIG_P2P build option enabled and connecting to a P2P group

wpa_supplicant v2.1-v2.2 with CONFIG_WNM build option enabled

wpa_supplicant v2.2 with CONFIG_HS20 build option enabled

hostapd v0.7.2-v2.2 with CONFIG_WPS build option enabled and WPS enabled in runtime configuration
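As an added illustration of the injection path described above (example code written for this page, not wpa_supplicant's or hostapd's own source), the C program below builds the shell command line an action-script runner would hand to system() from a constructed P2P-DEVICE-FOUND event whose device name carries shell metacharacters, applies a coarse metacharacter check to the event, and then shows the hardened alternative: fork() and execv() the script with the interface name and the event as separate argv entries, so no shell ever parses the attacker-controlled bytes. The script path /etc/wpa_action.sh and both event lines are constructed assumptions; the stand-alone run uses /bin/echo in place of a real action script.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Constructed sample events (not captured from a real device).
 * In the first one the device name, which arrives in a frame sent over
 * the air, closes the quoted field and appends its own commands. */
static const char *EVIL_EVENT =
    "P2P-DEVICE-FOUND 02:00:00:00:01:00 name='x'; touch /tmp/pwned; echo '";
static const char *BENIGN_EVENT =
    "AP-STA-CONNECTED 02:00:00:00:01:00";

/* Vulnerable pattern (illustrative): the command line later passed to
 * system() is built by plain concatenation, so everything in the event
 * string is parsed by /bin/sh. Returns the length, or -1 if truncated. */
int build_shell_cmd(char *out, size_t outlen,
                    const char *script, const char *ifname, const char *event)
{
    int n = snprintf(out, outlen, "%s %s %s", script, ifname, event);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

/* Coarse validation: reject any byte a POSIX shell could interpret.
 * Deliberately strict; it is a stop-gap, not a substitute for avoiding
 * the shell altogether. Returns 1 if the string is shell-safe. */
int event_is_shell_safe(const char *s)
{
    static const char meta[] = ";|&$`<>()'\"\\\n";
    for (; *s; s++)
        if (strchr(meta, *s) != NULL)
            return 0;
    return 1;
}

/* Hardened pattern: exec the script directly. The interface name and the
 * event are separate argv entries, so injected bytes stay inside one
 * argument and are never interpreted. Returns the script's exit status,
 * 127 if it could not be executed, -1 on fork/wait failure. */
int run_action_script(const char *script, const char *ifname, const char *event)
{
    char *argv[4];
    pid_t pid;
    int status;

    argv[0] = (char *)script;
    argv[1] = (char *)ifname;
    argv[2] = (char *)event;
    argv[3] = NULL;

    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(script, argv);
        _exit(127);            /* exec failed; do not fall back to a shell */
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char cmd[512];

    if (build_shell_cmd(cmd, sizeof cmd, "/etc/wpa_action.sh", "wlan0",
                        EVIL_EVENT) < 0)
        return 1;
    printf("what system() would have executed:\n  %s\n", cmd);
    printf("event passes metacharacter check: %d\n",
           event_is_shell_safe(EVIL_EVENT));

    /* /bin/echo stands in for the action script: it prints the whole
     * event as a single argument and nothing else runs. */
    return run_action_script("/bin/echo", "wlan0", EVIL_EVENT) == 0 ? 0 : 1;
}
```

Running it prints the command a shell would have executed (including the injected touch /tmp/pwned), reports that the event fails the metacharacter check, and then shows /bin/echo receiving the entire event as one argument, which is the property a direct exec gives and a shell invocation does not.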

Jouni Malinen reported this vulnerability.

Impact:   A remote user on the local wireless network can execute arbitrary commands on the target system with the privileges of the wpa_cli or hostapd_cli process.
Solution:   The vendor has issued patches, which stop passing the action script through a shell and exec it directly, available at:

http://w1.fi/security/2014-1/

The vendor's advisory is available at:

http://w1.fi/security/2014-1/wpacli-action-scripts.txt

Vendor URL:  w1.fi/security/2014-1/wpacli-action-scripts.txt
Cause:   Input validation error (shell command injection)
Underlying OS:  Linux (Any), UNIX (FreeBSD), UNIX (NetBSD), UNIX (OpenBSD), UNIX (macOS/OS X), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Dec 4 2014 (Red Hat Issues Fix) wpa_supplicant Input Validation Flaw in 'hostapd_cli' Lets Remote Wireless Users Execute Arbitrary Commands
Red Hat has issued a fix for Red Hat Enterprise Linux 7.


Copyright 2019, SecurityGlobal.net LLC