|
|
Subscribe / Log in / New account

wpa: two vulnerabilities

Package(s):wpa CVE #(s):CVE-2016-4476 CVE-2016-4477
Created:May 16, 2016 Updated:October 10, 2016
Description: From the CVE entries:

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation. (CVE-2016-4476)

wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters in passphrase parameters, which allows local users to trigger arbitrary library loading and consequently gain privileges, or cause a denial of service (daemon outage), via a crafted (1) SET, (2) SET_CRED, or (3) SET_NETWORK command. (CVE-2016-4477)

Alerts:
Arch Linux ASA-201610-7 wpa_supplicant 2016-10-08
Arch Linux ASA-201610-3 hostapd 2016-10-04
Mageia MGASA-2016-0199 wpa_supplicant 2016-05-22
Debian-LTS DLA-473-1 wpa 2016-05-14
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds