GLSA Bodhisattva
Posted: Wed Feb 16, 2005 7:32 pm Post subject: [ GLSA 200502-22 ] wpa_supplicant: Buffer overflow vulnerabi
Gentoo Linux Security Advisory
Title: wpa_supplicant: Buffer overflow vulnerability (GLSA 200502-22)
Severity: normal
Exploitable: remote
Date: February 16, 2005
Updated: May 22, 2006
Bug(s): #81993
ID: 200502-22
Synopsis
wpa_supplicant contains a buffer overflow that could lead to a Denial of Service.
Background
wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN).
Affected Packages
Package: net-wireless/wpa_supplicant
Vulnerable: < 0.2.7
Unaffected: >= 0.2.7
Architectures: All supported architectures
Description
wpa_supplicant contains a possible buffer overflow due to a lack of validation of received EAPOL-Key frames.
Impact
An attacker could crash wpa_supplicant using a specially crafted packet.
Workaround
There is no known workaround at this time.
Resolution
All wpa_supplicant users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-0.2.7"
References
wpa_supplicant Announcement
CVE-2005-0470
Last edited by GLSA on Sun Jul 30, 2006 4:17 am; edited 4 times in total
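The Description above attributes the overflow to missing validation of received EAPOL-Key frames. The following is an added example, not code from the advisory or from wpa_supplicant, showing the kind of length checks a receiver needs before touching the variable-length key data. The advisory does not say which field went unchecked; the sketch assumes the standard WPA/RSN key descriptor layout (4-byte EAPOL header, 95 fixed descriptor bytes, then key data), and `eapol_key_validate` and `check_sample` are hypothetical names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define EAPOL_HDR_LEN     4   /* version, type, 2-byte body length */
#define EAPOL_TYPE_KEY    3
#define KEY_DESC_LEN      95  /* fixed WPA/RSN key descriptor fields */
#define KEY_DATA_LEN_OFF  93  /* key data length field inside the descriptor */

enum { FRAME_OK = 0, ERR_SHORT = -1, ERR_TYPE = -2, ERR_BODY_LEN = -3, ERR_KEY_DATA_LEN = -4 };

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* On success, *kd and *kd_len describe key data that lies fully inside the frame. */
int eapol_key_validate(const uint8_t *f, size_t len, const uint8_t **kd, size_t *kd_len)
{
    if (len < EAPOL_HDR_LEN + KEY_DESC_LEN) return ERR_SHORT;      /* fixed part missing */
    if (f[1] != EAPOL_TYPE_KEY) return ERR_TYPE;
    size_t body = be16(f + 2);                                     /* sender-claimed body length */
    if (body < KEY_DESC_LEN || body > len - EAPOL_HDR_LEN) return ERR_BODY_LEN;
    size_t n = be16(f + EAPOL_HDR_LEN + KEY_DATA_LEN_OFF);         /* sender-claimed key data length */
    if (n > body - KEY_DESC_LEN) return ERR_KEY_DATA_LEN;          /* would read past the body */
    *kd = f + EAPOL_HDR_LEN + KEY_DESC_LEN;
    *kd_len = n;
    return FRAME_OK;
}

/* Constructed sample frame: every field is zero except the lengths under test. */
int check_sample(unsigned body, unsigned kd_claim, size_t wire_len)
{
    uint8_t f[256] = {0};
    const uint8_t *kd; size_t n;
    if (wire_len > sizeof f) wire_len = sizeof f;
    f[0] = 1; f[1] = EAPOL_TYPE_KEY;
    f[2] = (uint8_t)(body >> 8); f[3] = (uint8_t)(body & 0xff);
    f[97] = (uint8_t)(kd_claim >> 8); f[98] = (uint8_t)(kd_claim & 0xff);
    return eapol_key_validate(f, wire_len, &kd, &n);
}

int main(void)
{
    printf("well-formed, 8 bytes of key data: %d\n", check_sample(103, 8, 107));
    printf("key data length 0xffff:           %d\n", check_sample(103, 0xffff, 107));
    printf("body length larger than frame:    %d\n", check_sample(200, 8, 107));
    printf("truncated frame:                  %d\n", check_sample(103, 8, 50));
    return 0;
}
```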