Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201606-17
HistoryJun 27, 2016 - 12:00 a.m.

hostapd and wpa_supplicant: Multiple vulnerabilities

2016-06-2700:00:00
Gentoo Foundation
security.gentoo.org
40

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.075 Low

EPSS

Percentile

94.1%

JSON

Background

wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN). hostapd is a user space daemon for access point and authentication servers.

Description

Multiple vulnerabilities exist in both hostapd and wpa_supplicant. Please review the CVE identifiers for more information.

Impact

Remote attackers could execute arbitrary code with the privileges of the process or cause Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All hostapd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-wireless/hostapd-2.5"

All wpa_supplicant users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=net-wireless/wpa_supplicant-2.5-r1"
OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-wireless/hostapd<Β 2.5UNKNOWN
Gentooanyallnet-wireless/wpa_supplicant<Β 2.5-r1UNKNOWN

Related

nessus 51
securityvulns 6
ubuntu 3
archlinux 3
freebsd 2
openvas 36
oraclelinux 3
debian 8
osv 5
centos 3
redhat 3
fedora 12
ibm 1
suse 5
cvelist 8
prion 8
debiancve 8
cve 8
ubuntucve 8
nvd 8
slackware 2
mageia 1
veracode 1
androidsecurity 1
apple 1
nessus
nessus
GLSA-201606-17 : hostapd and wpa_supplicant: Multiple vulnerabilities
2016-06-28 00:00:00
Ubuntu 14.04 LTS : wpa_supplicant and hostapd vulnerabilities (USN-2650-1)
2015-06-17 00:00:00
FreeBSD : hostapd and wpa_supplicant -- multiple vulnerabilities (bbc0db92-084c-11e5-bb90-002590263bf5)
2015-06-03 00:00:00
securityvulns
securityvulns
wpa_supplicant multiple security vulnerabilities
2015-06-21 00:00:00
[USN-2650-1] wpa_supplicant and hostapd vulnerabilities
2015-06-21 00:00:00
[USN-2383-1] wpa_supplicant vulnerability
2014-10-15 00:00:00
ubuntu
ubuntu
wpa_supplicant and hostapd vulnerabilities
2015-06-16 00:00:00
wpa_supplicant vulnerability
2014-10-14 00:00:00
wpa_supplicant vulnerability
2015-04-23 00:00:00
archlinux
archlinux
hostapd: denial of service
2015-10-05 00:00:00
wpa_supplicant, hostapd: Arbitrary command execution
2014-10-20 00:00:00
wpa_supplicant: arbitrary code execution
2015-04-24 00:00:00
freebsd
freebsd
hostapd and wpa_supplicant -- multiple vulnerabilities
2015-05-04 00:00:00
wpa_supplicant -- P2P SSID processing vulnerability
2015-04-22 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2650-1)
2015-06-17 00:00:00
Oracle: Security Advisory (ELSA-2015-1090)
2015-10-06 00:00:00
Debian Security Advisory DSA 3397-1 (wpa - security update)
2015-11-10 00:00:00
oraclelinux
oraclelinux
wpa_supplicant security and enhancement update
2015-06-11 00:00:00
wpa_supplicant security update
2014-12-03 00:00:00
wpa_supplicant security and enhancement update
2015-07-28 00:00:00
debian
debian
[SECURITY] [DSA 3397-1] wpa security update
2015-11-10 20:08:26
[SECURITY] [DSA 3397-1] wpa security update
2015-11-10 20:08:26
[SECURITY] [DSA 3052-1] wpa security update
2014-10-16 04:02:40
osv
osv
wpa - security update
2015-11-10 00:00:00
wpasupplicant - security update
2015-02-07 00:00:00
wpa - security update
2014-10-15 00:00:00
centos
centos
wpa_supplicant security update
2015-06-15 20:01:17
wpa_supplicant security update
2014-12-04 13:38:10
wpa_supplicant security update
2015-07-26 14:13:00
redhat
redhat
(RHSA-2015:1090) Important: wpa_supplicant security and enhancement update
2015-06-11 00:00:00
(RHSA-2015:1439) Low: wpa_supplicant security and enhancement update
2015-07-22 00:00:00
(RHSA-2014:1956) Moderate: wpa_supplicant security update
2014-12-03 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: wpa_supplicant-2.0-13.fc20
2015-05-12 20:48:12
[SECURITY] Fedora 20 Update: hostapd-2.3-1.fc20
2014-11-07 02:40:32
[SECURITY] Fedora 21 Update: wpa_supplicant-2.0-17.fc21
2015-11-23 23:21:55
ibm
ibm
Security Bulletin:Vulnerabilities in wpa_supplicant may affect PowerKVM (CVE-2015-1863 and CVE-2015-4142)
2018-06-18 01:29:36
suse
suse
Security update for hostapd (important)
2017-10-28 00:18:34
Security update for wpa_supplicant (important)
2014-11-04 22:04:46
Security update for wpa_supplicant (important)
2015-05-01 15:04:46
cvelist
cvelist
CVE-2015-4146
2015-06-15 15:00:00
CVE-2014-3686
2014-10-16 00:00:00
CVE-2015-4143
2015-06-15 15:00:00
prion
prion
Design/Logic Flaw
2014-10-16 00:55:00
Out-of-bounds
2015-06-15 15:59:00
Memory corruption
2015-06-15 15:59:00
debiancve
debiancve
CVE-2014-3686
2014-10-16 00:55:05
CVE-2015-4143
2015-06-15 15:59:07
CVE-2015-4145
2015-06-15 15:59:09
cve
cve
CVE-2015-4143
2015-06-15 15:59:07
CVE-2014-3686
2014-10-16 00:55:05
CVE-2015-4144
2015-06-15 15:59:08
ubuntucve
ubuntucve
CVE-2015-4146
2015-06-01 00:00:00
CVE-2015-4142
2015-06-01 00:00:00
CVE-2015-4143
2015-06-01 00:00:00
nvd
nvd
CVE-2015-4142
2015-06-15 15:59:06
CVE-2014-3686
2014-10-16 00:55:05
CVE-2015-4145
2015-06-15 15:59:09
slackware
slackware
[slackware-security] wpa_supplicant
2014-12-11 04:12:54
[slackware-security] wpa_supplicant
2015-05-12 07:24:33
mageia
mageia
Updated wpa_supplicant and hostapd packages fix security vulnerability
2014-10-28 14:33:36
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:06:45
androidsecurity
androidsecurity
Nexus Security Bulletinβ€”August 2015
2015-08-13 00:00:00
apple
apple
About the security content of iOS 15.5 and iPadOS 15.5
2022-05-16 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.075 Low

EPSS

Percentile

94.1%

JSON
Related for GLSA-201606-17
nessus51securityvulns6ubuntu3archlinux3freebsd2openvas36oraclelinux3debian8osv5centos3redhat3fedora12ibm1suse5cvelist8prion8debiancve8cve8ubuntucve8nvd8slackware2mageia1veracode1androidsecurity1apple1