Critical Juniper Bug Allows DoS, RCE Against Carrier Networks

A critical remote code-execution vulnerability in Juniper Networks’ Steel-Belted Radius SBR Carrier Edition lays open wireless carrier and fixed operator networks to tampering. The SBR Carrier server is used by telecom carriers to manage policies for how subscribers access their networks – by...

PT-2021-3765 · Juniper Networks · Sbr Carrier

Name of the Vulnerable Software and Affected Versions: Juniper Networks SBR Carrier versions 8.4.1 through 8.4.1R18 Juniper Networks SBR Carrier versions 8.5.0 through 8.5.0R9 Juniper Networks SBR Carrier versions 8.6.0 through 8.6.0R3 Description: The issue is caused by a stack-based buffer...

The vulnerability in the implementation of the Extensible Authentication Protocol over LAN (EAPOL) on the NetBSD operating system allows a perpetrator to induce a service failure.

The vulnerability of the Extensible Authentication Protocol over LAN EAPOL implementation in the NetBSD operating system is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to cause service failures...

DEBIAN-CVE-2020-26139

An issue was discovered in the kernel in NetBSD 7.1. An Access Point AP forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients an...

OESA-2021-1132 wireshark security update

Wireshark is an open source tool for profiling network traffic and analyzing packets. Such a tool is often referred to as a network analyzer, network protocol analyzer or sniffer. Wireshark, formerly known as Ethereal, can be used to examine the details of traffic at a variety of levels ranging...

DEBIAN-CVE-2020-17497

eapol.c in iNet wireless daemon IWD through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4...

The vulnerability of the eap_request and eap_response functions in the PPP (Point-to-Point Protocol) daemon pppd allows a attacker to cause a service failure or execute arbitrary code.

The vulnerability of the eaprequest and eapresponse functions in the PPP Point-to-Point Protocol daemon pppd protocol is related to buffer overflow vulnerabilities. Exploiting this vulnerability can allow a malicious actor to cause service failures or execute arbitrary code using a specially...

ppp: Buffer overflow in the eap_request and eap_response functions in eap.c

A buffer overflow flaw was found in the ppp package in versions 2.4.2 through 2.4.8. The bounds check for the rhostname was improperly constructed in the EAP request and response functions which could allow a buffer overflow to occur. Data confidentiality and integrity, as well as system...

The vulnerability of the wpa_supplicant function in the EAP hostapd server allows a hacker to induce a service failure.

The vulnerability of the wpasupplicant function in the EAP hostapd server is related to errors during the verification of the recompilation of the fragmentation fragment. Exploiting this vulnerability can allow a malicious actor to cause service failure...

Debian DSA-4632-1 : ppp - security update

Ilja Van Sprundel reported a logic flaw in the Extensible Authentication Protocol EAP packet parser in the Point-to-Point Protocol Daemon pppd. An unauthenticated attacker can take advantage of this flaw to trigger a stack-based buffer overflow, leading to denial of service pppd daemon crash. C...

[SECURITY] [DSA 4632-1] ppp security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4632-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 22, 2020 https://www.debian.org/security/faq -...

ALPINE-CVE-2020-8597

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions...

UBUNTU-CVE-2020-8597

eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eaprequest and eapresponse functions...

PPP Buffer Overflow Vulnerability

PPP is a data link protocol that establishes a direct point-to-point connection. A buffer overflow vulnerability exists in the 'eaprequest' and 'eapresponse ' functions in PPP versions 2.4.2 through 2.4.8. The vulnerability stems from a network system or product performing operations in memory...

PT-2020-1777

Name of the Vulnerable Software and Affected Versions ppp versions 2.4.2 through 2.4.8 Description The issue is related to buffer overflow errors in the eap request and eap response functions of the pppd daemon in the Point-to-Point Protocol PPP. Exploitation of this issue may allow a remote...

Exploit for CVE-2019-12586

ESP32/ESP8266 Wi-Fi Attacks This repository is part of a re...

The vulnerability of the EAP Server component of the EAP-PWD certification protocol for wireless communication devices with WPA encryption lies in the improper use of privileges, allowing attackers to compromise data integrity and confidentiality or cause service failures.

The vulnerability of the EAP Server component of the EAP-PWD protocol for wireless communication devices certified by WPA is related to the lack of explicit checks on imported elements. These imported elements do not undergo verification of scalar values and values of elements in the...

The vulnerability of the wpa_supplicant component of the EAP-PWD protocol in wireless communication devices certified by WPA allows attackers to compromise the integrity and confidentiality of data, as well as cause service failures. This vulnerability is related to incorrect authentication procedures.

The vulnerability of the wpasupplicant component of the EAP-PWD protocol in wireless communication devices certified for WPA is related to the failure of the EAP-PWD authentication process without obtaining a password. Exploiting this vulnerability allows an attacker to compromise the integrity a...

ALPINE-CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...

DEBIAN-CVE-2019-9498

The implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may be able to use invalid scalar/element values to complete authentication,...