7 matches found
Debian DSA-3397-1 : wpa - security update
Several vulnerabilities have been discovered in wpasupplicant and hostapd. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2015-4141 Kostya Kortchinsky of the Google Security Team discovered a vulnerability in the WPS UPnP function with HTTP chunked...
hostapd and wpa_supplicant -- multiple vulnerabilities
Jouni Malinen reports: wpasupplicant unauthorized WNM Sleep Mode GTK control. 2015-6 - CVE-2015-5310 EAP-pwd missing last fragment length validation. 2015-7 - CVE-2015-5315 EAP-pwd peer error path failure on unexpected Confirm message. 2015-8 - CVE-2015-5316...
wpa_supplicant -- WPS_NFC option payload length validation vulnerability
Jouni Malinen reports: Incomplete WPS and P2P NFC NDEF record payload length validation. 2015-5...
hostapd and wpa_supplicant -- multiple vulnerabilities
Jouni Malinen reports: WPS UPnP vulnerability with HTTP chunked transfer encoding. 2015-2 - CVE-2015-4141 Integer underflow in AP mode WMM Action frame processing. 2015-3 - CVE-2015-4142 EAP-pwd missing payload length validation. 2015-4 - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146...
[USN-2383-1] wpa_supplicant vulnerability
========================================================================== Ubuntu Security Notice USN-2383-1 October 14, 2014 wpa, wpasupplicant vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its...
Ubuntu 14.04 LTS : wpa_supplicant vulnerability (USN-2383-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2383-1 advisory. Jouni Malinen discovered that the wpacli tool incorrectly sanitized strings when being used with action scripts. A remote attacker could possibly use this issue t...
USN-2383-1: wpa_supplicant vulnerability
Jouni Malinen discovered that the wpacli tool incorrectly sanitized strings when being used with action scripts. A remote attacker could possibly use this issue to execute arbitrary commands...