Lucene search

K

Ubuntu.comUB:CVE-2015-4143

HistoryJun 01, 2015 - 12:00 a.m.

CVE-2015-4143

2015-06-0100:00:00

ubuntu.com

ubuntu.com

8

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.8%

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant
1.0 through 2.4 allows remote attackers to cause a denial of service
(out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm
message payload.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787371>

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchwpa< 2.1-0ubuntu1.3UNKNOWN
ubuntu14.10noarchwpa< 2.1-0ubuntu4.2UNKNOWN
ubuntu15.04noarchwpa< 2.1-0ubuntu7.2UNKNOWN

References

w1.fi/security/2015-4/

w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch

w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch

w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt

www.openwall.com/lists/oss-security/2015/05/07/5

www.openwall.com/lists/oss-security/2015/05/31/6

launchpad.net/bugs/cve/CVE-2015-4143

nvd.nist.gov/vuln/detail/CVE-2015-4143

security-tracker.debian.org/tracker/CVE-2015-4143

ubuntu.com/security/notices/USN-2650-1

www.cve.org/CVERecord?id=CVE-2015-4143

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.024 Low

EPSS

Percentile

89.8%

Related for UB:CVE-2015-4143

prion1 debiancve1 cve1 nessus11 openvas6 securityvulns2 archlinux1 freebsd1 ubuntu1 gentoo1 debian2 osv1 suse3