
[SECURITY] [DLA 473-1] wpa security update




Package        : wpa
Version        : 1.0-3+deb7u4
CVE ID         : CVE-2016-4476 CVE-2016-4477
Debian Bug     : 823411

A vulnerability was found in how hostapd and wpa_supplicant write the
configuration file update for the WPA/WPA2 passphrase parameter. If
this parameter has been updated to include control characters, either
through a WPS operation (CVE-2016-4476) or through a local configuration
change over the wpa_supplicant control interface (CVE-2016-4477), the
resulting configuration file may prevent hostapd and wpa_supplicant
from starting when the updated file is used. In addition, for
wpa_supplicant, it may be possible to load a local library file and
execute code from there with the same privileges under which the
wpa_supplicant process runs.

CVE-2016-4476
    hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do
    not reject \n and \r characters in passphrase parameters, which
    allows remote attackers to cause a denial of service (daemon
    outage) via a crafted WPS operation.

CVE-2016-4477
    wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r
    characters in passphrase parameters, which allows local users to
    trigger arbitrary library loading and consequently gain privileges,
    or cause a denial of service (daemon outage), via a crafted (1)
    SET, (2) SET_CRED, or (3) SET_NETWORK command.
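The following is an added illustration, not code from the wpa project or from this advisory: a simplified line-oriented key=value config writer shows why a passphrase carrying \n or \r turns one `psk="..."` line into several when the file is re-read, and the control-character check that rejects such a value before it is written. The config format, function names and sample values are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Return 1 if the passphrase contains any ASCII control character
 * (which includes \n and \r), 0 otherwise. Rejecting the whole control
 * range is stricter than the two characters named in the CVEs, and is
 * the check a line-oriented config writer should apply before it
 * writes an externally supplied value. */
int passphrase_has_ctrl_char(const char *s)
{
    for (; *s; s++) {
        unsigned char c = (unsigned char) *s;
        if (c < 0x20 || c == 0x7f)
            return 1;
    }
    return 0;
}

/* Unchecked writer (the pre-fix behaviour): emits psk="<value>" and
 * returns how many lines a line-by-line parser will see. With an
 * embedded newline the answer is more than 1, i.e. the attacker-chosen
 * text after the newline is parsed as a separate config line. */
int write_psk_unchecked(const char *passphrase, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "psk=\"%s\"\n", passphrase);
    int lines = 0;
    if (n < 0 || (size_t) n >= outlen)
        return -1;
    for (const char *p = out; *p; p++)
        if (*p == '\n')
            lines++;
    return lines;
}

/* Hardened writer: refuse the value outright when it carries control
 * characters. Returns 0 on success, -1 when the value is rejected. */
int write_psk_checked(const char *passphrase, char *out, size_t outlen)
{
    if (passphrase_has_ctrl_char(passphrase))
        return -1;
    return write_psk_unchecked(passphrase, out, outlen) == 1 ? 0 : -1;
}

int main(void)
{
    char buf[128];
    const char *bad = "abc\nother_param=x"; /* constructed sample value */
    printf("unchecked: %d line(s)\n", write_psk_unchecked(bad, buf, sizeof buf));
    printf("checked:   %s\n", write_psk_checked(bad, buf, sizeof buf) ? "rejected" : "written");
    return 0;
}
```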


For Debian 7 "Wheezy", these problems have been fixed in version
1.0-3+deb7u4.

We recommend that you upgrade your wpa packages.
