Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-4144

Опубликовано: 15 июн. 2015
Источник: debian

Описание

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
wpafixed2.3-2.2package
wpanot-affectedwheezypackage
wpasupplicantnot-affectedpackage
hostapdnot-affectedpackage

Примечания

  • support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93

  • http://w1.fi/security/2015-4/

  • http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt

  • http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch

  • http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch

  • https://www.openwall.com/lists/oss-security/2015/05/07/5

Связанные уязвимости

ubuntu логотип

CVE-2015-4144

ubuntu
больше 10 лет назад

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.

redhat логотип

CVE-2015-4144

redhat
почти 11 лет назад

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.

nvd логотип

CVE-2015-4144

nvd
больше 10 лет назад

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.

github логотип

GHSA-c7g5-57m7-29v3

github
больше 3 лет назад

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.

fstec логотип

BDU:2015-12095

fstec
больше 10 лет назад

Уязвимость операционной системы openSUSE, клиента защищённого доступа Wi-Fi WPA Supplicant, программной точки доступа Jouni Malinen Hostapd, позволяющая нарушителю вызвать отказ в обслуживании