Linux Distros Unpatched Vulnerability : CVE-2016-4476

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - hostapd 0.6.7 through 2.5 and wpasupplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to caus...

RHEL 7 : wpa_supplicant (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wpasupplicant: local configuration update allows privilege escalation CVE-2016-4477 - hostapd 0.6.7 throu...

RHEL 7 : wpa_supplicant,_hostapd (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - wpasupplicant, hostapd: denial of service via crafted WPA/WPA2 passphrase parameter CVE-2016-4476 Note that Nessus...

Debian: Security Advisory (DLA-473-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-3455-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 14.04 LTS / 16.04 LTS : wpa_supplicant and hostapd vulnerabilities (USN-3455-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3455-1 advisory. Mathy Vanhoef discovered that wpasupplicant and hostapd incorrectly handled WPA2. A remote attacker could use this issue with key...

[ASA-201610-7] wpa_supplicant: multiple issues

Arch Linux Security Advisory ASA-201610-7 ========================================= Severity: High Date : 2016-10-08 CVE-ID : CVE-2016-4476 CVE-2016-4477 Package : wpasupplicant Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package...

Updated wpa_supplicant packages fix security vulnerabilities

Updated wpasuppliant packages fix security vulnerabilities: A vulnerability was found in how wpasupplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation CVE-2016-4476 or...

FreeBSD : hostapd and wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written (967b852b-1e28-11e6-8dd3-002590263bf5)

Jouni Malinen reports : psk configuration parameter update allowing arbitrary data to be written 2016-1 - CVE-2016-4476/CVE-2016-4477. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database :...

Debian DLA-473-1 : wpa security update

A vulnerability was found in how hostapd and wpasupplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters either through a WPS operation CVE-2016-4476 or through local configuration change over the...

[SECURITY] [DLA 473-1] wpa security update

Package : wpa Version : 1.0-3+deb7u4 CVE ID : CVE-2016-4476 CVE-2016-4477 Debian Bug : 823411 A vulnerability was found in how hostapd and wpasupplicant writes the configuration file update for the WPA/WPA2 passphrase parameter. If this parameter has been updated to include control characters...

DLA-473-1 wpa - security update

Bulletin has no description...

CVE-2016-4476

hostapd 0.6.7 through 2.5 and wpasupplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service daemon outage via a crafted WPS operation...

CVE-2016-4476

CVE-2016-4476 details (normal mode) Affected: hostapd up to 2.5 and wpa_supplicant up to 2.5 (examples in Arch, Mageia, Debian advisories) where passphrase parameters are not rejected for newline/CR characters during WPS operations or local config changes. Impact: remote attacker can cause a deni...

CVE-2016-4476

hostapd 0.6.7 through 2.5 and wpasupplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service daemon outage via a crafted WPS operation...