An integer underflow flaw, leading to a buffer over-read, was found in the way wpa_supplicant handled WMM Action frames. A specially crafted frame could possibly allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash. (CVE-2015-4142)
This update includes the following enhancement :
After installing this update, the wpa_supplicant service will be restarted automatically.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text is (C) Scientific Linux.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(85209);
script_version("2.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");
script_cve_id("CVE-2015-4142");
script_name(english:"Scientific Linux Security Update : wpa_supplicant on SL6.x i386/x86_64 (20150722)");
script_summary(english:"Checks rpm output for the updated packages");
script_set_attribute(
attribute:"synopsis",
value:
"The remote Scientific Linux host is missing one or more security
updates."
);
script_set_attribute(
attribute:"description",
value:
"An integer underflow flaw, leading to a buffer over-read, was found in
the way wpa_supplicant handled WMM Action frames. A specially crafted
frame could possibly allow an attacker within Wi-Fi radio range to
cause wpa_supplicant to crash. (CVE-2015-4142)
This update includes the following enhancement :
- Prior to this update, wpa_supplicant did not provide a
way to require the host name to be listed in an X.509
certificate's Common Name or Subject Alternative Name,
and only allowed host name suffix or subject substring
checks. This update introduces a new configuration
directive, 'domain_match', which adds a full host name
check.
After installing this update, the wpa_supplicant service will be
restarted automatically."
);
# https://listserv.fnal.gov/scripts/wa.exe?A2=ind1508&L=scientific-linux-errata&F=&S=&P=1067
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?84b7c7f0"
);
script_set_attribute(
attribute:"solution",
value:
"Update the affected wpa_supplicant and / or wpa_supplicant-debuginfo
packages."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:wpa_supplicant");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fermilab:scientific_linux:wpa_supplicant-debuginfo");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:fermilab:scientific_linux");
script_set_attribute(attribute:"vuln_publication_date", value:"2015/06/15");
script_set_attribute(attribute:"patch_publication_date", value:"2015/07/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2015/08/04");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Scientific Linux Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Scientific Linux " >!< release) audit(AUDIT_HOST_NOT, "running Scientific Linux");
os_ver = pregmatch(pattern: "Scientific Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Scientific Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Scientific Linux 6.x", "Scientific Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Scientific Linux", cpu);
flag = 0;
if (rpm_check(release:"SL6", reference:"wpa_supplicant-0.7.3-6.el6")) flag++;
if (rpm_check(release:"SL6", reference:"wpa_supplicant-debuginfo-0.7.3-6.el6")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "wpa_supplicant / wpa_supplicant-debuginfo");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fermilab | scientific_linux | wpa_supplicant | p-cpe:/a:fermilab:scientific_linux:wpa_supplicant |
fermilab | scientific_linux | wpa_supplicant-debuginfo | p-cpe:/a:fermilab:scientific_linux:wpa_supplicant-debuginfo |
fermilab | scientific_linux | x-cpe:/o:fermilab:scientific_linux |