5.8 Medium
CVSS2
Access Vector
ADJACENT_NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:A/AC:L/Au:N/C:P/I:P/A:P
0.075 Low
EPSS
Percentile
94.0%
CentOS Errata and Security Advisory CESA-2015:1090
The wpa_supplicant package contains an 802.1X Supplicant with support for
WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication
methods. It implements key negotiation with a WPA Authenticator for client
stations and controls the roaming and IEEE 802.11 authentication and
association of the WLAN driver.
A buffer overflow flaw was found in the way wpa_supplicant handled SSID
information in the Wi-Fi Direct / P2P management frames. A specially
crafted frame could allow an attacker within Wi-Fi radio range to cause
wpa_supplicant to crash or, possibly, execute arbitrary code.
(CVE-2015-1863)
An integer underflow flaw, leading to a buffer over-read, was found in the
way wpa_supplicant handled WMM Action frames. A specially crafted frame
could possibly allow an attacker within Wi-Fi radio range to cause
wpa_supplicant to crash. (CVE-2015-4142)
Red Hat would like to thank Jouni Malinen of the wpa_supplicant upstream
for reporting the CVE-2015-1863 issue. Upstream acknowledges Alibaba
security team as the original reporter.
This update also adds the following enhancement:
All wpa_supplicant users are advised to upgrade to this updated package,
which contains backported patches to correct these issues and add this
enhancement. After installing this update, the wpa_supplicant service will
be restarted automatically.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-June/083333.html
Affected packages:
wpa_supplicant
Upstream details at:
https://access.redhat.com/errata/RHSA-2015:1090
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 7 | x86_64 | wpa_supplicant | <Β 2.0-17.el7_1 | wpa_supplicant-2.0-17.el7_1.x86_64.rpm |