FS#44696 - [wpa_supplicant] P2P SSID buffer overflow vulnerability

Attached to Project: Arch Linux
Opened by Cheng Sun (infinigon) - Wednesday, 22 April 2015, 23:21 GMT
Last edited by Doug Newgard (Scimmia) - Thursday, 23 April 2015, 00:21 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

A vulnerability has been reported in the current version of wpa_supplicant, with a patch/workaround attached.

A suitably crafted frame can in certain situations trigger a buffer
overflow, which could result in heap corruption, a crash, exposure of memory contents
and potentially arbitrary code execution.

Details here: http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt


Additional info:

* wpa_supplicant 2.4 is vulnerable.
* A patch is available at http://w1.fi/security/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch
* Alternatively, as a workaround wpa_supplicant can be compiled with P2P disabled (CONFIG_P2P=n)

Closed by  Doug Newgard (Scimmia)
Thursday, 23 April 2015, 00:21 GMT
Reason for closing:  Duplicate
Additional comments about closing:   FS#44695 
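
The patch linked in the report is named for its fix: validate the SSID element length before copying it. Below is an added example of that kind of check; it is not wpa_supplicant's code and not part of the original report. `struct peer_info` and `peer_set_ssid` are hypothetical names, and the code assumes the standard 802.11 element layout (ID octet, length octet, payload) with a 32-octet SSID maximum.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WLAN_EID_SSID 0   /* 802.11 element ID for SSID */
#define SSID_MAX_LEN  32  /* 802.11 maximum SSID length in octets */

/* Hypothetical peer record with a fixed-size SSID buffer. */
struct peer_info {
    uint8_t ssid[SSID_MAX_LEN];
    size_t ssid_len;
};

/*
 * Walk a buffer of 802.11 elements (id, len, payload) and copy the first
 * SSID element into peer. Returns 0 on success, -1 if no SSID element is
 * found, an element is truncated, or the SSID exceeds the destination.
 */
int peer_set_ssid(struct peer_info *peer, const uint8_t *ies, size_t ies_len)
{
    size_t pos = 0;

    while (ies_len - pos >= 2) {
        uint8_t id = ies[pos];
        uint8_t len = ies[pos + 1];  /* taken from the frame: 0..255 */

        /* The element must fit inside the received data. */
        if (len > ies_len - pos - 2)
            return -1;

        if (id == WLAN_EID_SSID) {
            /* Bound the copy by the destination, not by the frame. */
            if (len > sizeof(peer->ssid))
                return -1;
            memcpy(peer->ssid, &ies[pos + 2], len);
            peer->ssid_len = len;
            return 0;
        }
        pos += 2 + (size_t)len;
    }
    return -1;
}
```

The length octet can claim up to 255 bytes while the buffer holds 32, so a copy bounded only by the frame's own length field writes past the end of the destination.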
