Lucene search

K
ubuntuUbuntuUSN-3944-1
HistoryApr 10, 2019 - 12:00 a.m.

wpa_supplicant and hostapd vulnerabilities

2019-04-1000:00:00
ubuntu.com
126

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.9%

Releases

  • Ubuntu 18.10
  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • wpa - client support for WPA and WPA2

Details

It was discovered that wpa_supplicant and hostapd were vulnerable to a
side channel attack against EAP-pwd. A remote attacker could possibly use
this issue to recover certain passwords. (CVE-2019-9495)

Mathy Vanhoef discovered that wpa_supplicant and hostapd incorrectly
validated received scalar and element values in EAP-pwd-Commit messages. A
remote attacker could possibly use this issue to perform a reflection
attack and authenticate without the appropriate password. (CVE-2019-9497,
CVE-2019-9498, CVE-2019-9499)

It was discovered that hostapd incorrectly handled obtaining random
numbers. In rare cases where the urandom device isn’t available, it would
fall back to using a low-quality PRNG. This issue only affected Ubuntu
14.04 LTS and Ubuntu 16.04 LTS. (CVE-2016-10743)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.10noarchhostapd< 2:2.6-18ubuntu1.1UNKNOWN
Ubuntu18.10noarchhostapd-dbgsym< 2:2.6-18ubuntu1.1UNKNOWN
Ubuntu18.10noarchwpagui< 2:2.6-18ubuntu1.1UNKNOWN
Ubuntu18.10noarchwpagui-dbgsym< 2:2.6-18ubuntu1.1UNKNOWN
Ubuntu18.10noarchwpasupplicant< 2:2.6-18ubuntu1.1UNKNOWN
Ubuntu18.10noarchwpasupplicant-dbgsym< 2:2.6-18ubuntu1.1UNKNOWN
Ubuntu18.10noarchwpasupplicant-udeb< 2:2.6-18ubuntu1.1UNKNOWN
Ubuntu18.04noarchhostapd< 2:2.6-15ubuntu2.2UNKNOWN
Ubuntu18.04noarchhostapd-dbgsym< 2:2.6-15ubuntu2.2UNKNOWN
Ubuntu18.04noarchwpagui< 2:2.6-15ubuntu2.2UNKNOWN
Rows per page:
1-10 of 301

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.1 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.012 Low

EPSS

Percentile

84.9%