9 matches found
Debian DSA-3397-1 : wpa - security update
Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked...
Ubuntu: Security Advisory (USN-2650-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Ubuntu 14.04 LTS : wpa_supplicant and hostapd vulnerabilities (USN-2650-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2650-1 advisory. Kostya Kortchinsky discovered multiple flaws in wpasupplicant and hostapd. A remote attacker could use these issues to cause wpasupplicant or hostapd to...
USN-2650-1 wpa, wpasupplicant vulnerabilities
Kostya Kortchinsky discovered multiple flaws in wpasupplicant and hostapd. A remote attacker could use these issues to cause wpasupplicant or hostapd to crash, resulting in a denial of service. CVE-2015-4141, CVE-2015-4142, CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146...
CVE-2015-4144
CVE-2015-4144 affects hostapd and wpa_supplicant EAP-pwd server/peer implementations (versions 1.0–2.4). The issue is missing validation that a message is long enough to contain the Total-Length field, enabling a remote attacker to trigger a denial of service (crash) via crafted messages. The lin...
CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...
CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...
UBUNTU-CVE-2015-4144
The EAP-pwd server and peer implementation in hostapd and wpasupplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service crash via a crafted message...
hostapd and wpa_supplicant -- multiple vulnerabilities
Jouni Malinen reports: WPS UPnP vulnerability with HTTP chunked transfer encoding. 2015-2 - CVE-2015-4141 Integer underflow in AP mode WMM Action frame processing. 2015-3 - CVE-2015-4142 EAP-pwd missing payload length validation. 2015-4 - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146...