Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2014-1956.NASL
HistoryDec 04, 2014 - 12:00 a.m.

RHEL 7 : wpa_supplicant (RHSA-2014:1956)

2014-12-0400:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

87.3%

JSON

An updated wpa_supplicant package that fixes one security issue is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.

The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver.

A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script (specified using the -a command line option), and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code.
(CVE-2014-3686)

Red Hat would like to thank Jouni Malinen for reporting this issue.

All wpa_supplicant users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2014:1956. The text 
# itself is copyright (C) Red Hat, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79711);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2014-3686");
  script_bugtraq_id(70396);
  script_xref(name:"RHSA", value:"2014:1956");

  script_name(english:"RHEL 7 : wpa_supplicant (RHSA-2014:1956)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"An updated wpa_supplicant package that fixes one security issue is now
available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having Moderate
security impact. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available from the
CVE link in the References section.

The wpa_supplicant package contains an 802.1X Supplicant with support
for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP
authentication methods. It implements key negotiation with a WPA
Authenticator for client stations and controls the roaming and IEEE
802.11 authentication and association of the WLAN driver.

A command injection flaw was found in the way the wpa_cli utility
executed action scripts. If wpa_cli was run in daemon mode to execute
an action script (specified using the -a command line option), and
wpa_supplicant was configured to connect to a P2P group, malicious P2P
group parameters could cause wpa_cli to execute arbitrary code.
(CVE-2014-3686)

Red Hat would like to thank Jouni Malinen for reporting this issue.

All wpa_supplicant users are advised to upgrade to this updated
package, which contains a backported patch to correct this issue."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2014:1956"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2014-3686"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected wpa_supplicant and / or wpa_supplicant-debuginfo
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wpa_supplicant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:wpa_supplicant-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.4");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.6");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7.7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2014/10/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2014:1956";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"wpa_supplicant-2.0-13.el7_0")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"wpa_supplicant-2.0-13.el7_0")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"s390x", reference:"wpa_supplicant-debuginfo-2.0-13.el7_0")) flag++;

  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"wpa_supplicant-debuginfo-2.0-13.el7_0")) flag++;


  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wpa_supplicant / wpa_supplicant-debuginfo");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxwpa_supplicantp-cpe:/a:redhat:enterprise_linux:wpa_supplicant
redhatenterprise_linuxwpa_supplicant-debuginfop-cpe:/a:redhat:enterprise_linux:wpa_supplicant-debuginfo
redhatenterprise_linux7cpe:/o:redhat:enterprise_linux:7
redhatenterprise_linux7.3cpe:/o:redhat:enterprise_linux:7.3
redhatenterprise_linux7.4cpe:/o:redhat:enterprise_linux:7.4
redhatenterprise_linux7.5cpe:/o:redhat:enterprise_linux:7.5
redhatenterprise_linux7.6cpe:/o:redhat:enterprise_linux:7.6
redhatenterprise_linux7.7cpe:/o:redhat:enterprise_linux:7.7

Related

nessus 19
suse 1
fedora 6
securityvulns 2
openvas 15
cvelist 1
prion 1
ubuntu 1
debiancve 1
centos 1
debian 3
osv 2
slackware 1
cve 1
oraclelinux 2
archlinux 1
nvd 1
ubuntucve 1
mageia 1
redhat 1
gentoo 1
nessus
nessus
Fedora 19 : hostapd-2.0-5.fc19 (2014-13778)
2014-11-07 00:00:00
openSUSE Security Update : wpa_supplicant (openSUSE-SU-2014:1314-1)
2014-10-23 00:00:00
Fedora 21 : hostapd-2.3-1.fc21 (2014-13608)
2014-11-03 00:00:00
suse
suse
Security update for wpa_supplicant (important)
2014-11-04 22:04:46
fedora
fedora
[SECURITY] Fedora 20 Update: hostapd-2.3-1.fc20
2014-11-07 02:40:32
[SECURITY] Fedora 19 Update: hostapd-2.0-5.fc19
2014-11-07 02:35:46
[SECURITY] Fedora 20 Update: wpa_supplicant-2.0-12.fc20
2014-10-29 11:05:19
securityvulns
securityvulns
[USN-2383-1] wpa_supplicant vulnerability
2014-10-15 00:00:00
wpa_supplicant shell characters vulnerability
2014-10-15 00:00:00
openvas
openvas
Slackware: Security Advisory (SSA:2014-344-07)
2022-04-21 00:00:00
Fedora Update for hostapd FEDORA-2014-13778
2014-11-07 00:00:00
Fedora Update for wpa_supplicant FEDORA-2014-13555
2014-10-30 00:00:00
cvelist
cvelist
CVE-2014-3686
2014-10-16 00:00:00
prion
prion
Design/Logic Flaw
2014-10-16 00:55:00
ubuntu
ubuntu
wpa_supplicant vulnerability
2014-10-14 00:00:00
debiancve
debiancve
CVE-2014-3686
2014-10-16 00:55:05
centos
centos
wpa_supplicant security update
2014-12-04 13:38:10
debian
debian
[SECURITY] [DSA 3052-1] wpa security update
2014-10-16 04:02:40
[SECURITY] [DLA 147-1] wpasupplicant security update
2015-02-06 23:39:53
[SECURITY] [DSA 3052-1] wpa security update
2014-10-16 04:02:40
osv
osv
wpasupplicant - security update
2015-02-07 00:00:00
wpa - security update
2014-10-15 00:00:00
slackware
slackware
[slackware-security] wpa_supplicant
2014-12-11 04:12:54
cve
cve
CVE-2014-3686
2014-10-16 00:55:05
oraclelinux
oraclelinux
wpa_supplicant security update
2014-12-03 00:00:00
wpa_supplicant security and enhancement update
2015-06-11 00:00:00
archlinux
archlinux
wpa_supplicant, hostapd: Arbitrary command execution
2014-10-20 00:00:00
nvd
nvd
CVE-2014-3686
2014-10-16 00:55:05
ubuntucve
ubuntucve
CVE-2014-3686
2014-10-09 00:00:00
mageia
mageia
Updated wpa_supplicant and hostapd packages fix security vulnerability
2014-10-28 14:33:36
redhat
redhat
(RHSA-2014:1956) Moderate: wpa_supplicant security update
2014-12-03 00:00:00
gentoo
gentoo
hostapd and wpa_supplicant: Multiple vulnerabilities
2016-06-27 00:00:00

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

87.3%

JSON
Related for REDHAT-RHSA-2014-1956.NASL
nessus19suse1fedora6securityvulns2openvas15cvelist1prion1ubuntu1debiancve1centos1debian3osv2slackware1cve1oraclelinux2archlinux1nvd1ubuntucve1mageia1redhat1gentoo1