SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   wpa_supplicant Vendors:   Malinen, Jouni et al
(CentOS Issues Fix) wpa_supplicant P2P SSID Parsing Flaw May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1032609
SecurityTracker URL:  http://securitytracker.com/id/1032609
CVE Reference:   CVE-2015-1863   (Links to External Site)
Date:  Jun 18 2015
Impact:   Denial of service via network, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 1.0 - 2.4; with CONFIG_P2P build option enabled
Description:   A vulnerability reported in wpa_supplicant. A remote user can cause denial of service conditions, obtain potentially sensitive information, or potentially execute arbitrary code on the target system.

A remote user on the wireless network can send specially crafted SSID data to trigger a buffer overflow and potentially execute arbitrary code on the target system.

Specially crafted management frames that create or update P2P peer entries (e.g., Probe Response frame, P2P Public Action frames) can trigger this flaw.

The Google security team and smart hardware research group of Alibaba security team reported this vulnerability.

Impact:   A remote user may be able to execute arbitrary code on the target system.

A remote user can cause denial of service conditions.

A remote user can obtain potentially sensitive information.

Solution:   CentOS has issued a fix.

x86_64:
edea97f19476420c56e44b92370361ef1f1274ef6a82817cba4bb2e3f09df69c wpa_supplicant-2.0-17.el7_1.x86_64.rpm

Source:
e020d70ba91f5283914c752914e064481efb07cbc11abf1b9024f60b945b8169 wpa_supplicant-2.0-17.el7_1.src.rpm

Vendor URL:  w1.fi/wpa_supplicant/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  7

Message History:   This archive entry is a follow-up to the message listed below.
Apr 23 2015 wpa_supplicant P2P SSID Parsing Flaw May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [CentOS-announce] CESA-2015:1090 Important CentOS 7 wpa_supplicant Security Update


CentOS Errata and Security Advisory 2015:1090 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1090.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

x86_64:
edea97f19476420c56e44b92370361ef1f1274ef6a82817cba4bb2e3f09df69c  wpa_supplicant-2.0-17.el7_1.x86_64.rpm

Source:
e020d70ba91f5283914c752914e064481efb07cbc11abf1b9024f60b945b8169  wpa_supplicant-2.0-17.el7_1.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net

_______________________________________________
CentOS-announce mailing list
CentOS-announce@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC