Joined: 17 Apr 2002
Location: Baltimore, MD
|Posted: Wed Feb 16, 2005 7:32 pm Post subject: [ GLSA 200502-22 ] wpa_supplicant: Buffer overflow vulnerabi
|Gentoo Linux Security Advisory
Title: wpa_supplicant: Buffer overflow vulnerability (GLSA 200502-22)
Date: February 16, 2005
Updated: May 22, 2006
wpa_supplicant contains a buffer overflow that could lead to a Denial of Service.
wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN).
Vulnerable: < 0.2.7
Unaffected: >= 0.2.7
Architectures: All supported architectures
wpa_supplicant contains a possible buffer overflow due to the lacking validation of received EAPOL-Key frames.
An attacker could cause the crash of wpa_supplicant using a specially crafted packet.
There is no known workaround at this time.
All wpa_supplicant users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-0.2.7"
Last edited by GLSA on Sun Jul 30, 2006 4:17 am; edited 4 times in total