Описание
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
Отчет
Red Hat Virtualization images include wpa_supplicant as a component from the base Red Hat Enterprise Linux operating system, but use of Red Hat Virtualization on a wireless network is neither recommended nor supported. A future update may address this issue. This issue affects the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 6 and 7. Red Hat Enterprise Linux 6 is now in Maintenance Support 2 Phase of the support and maintenance life cycle. This has been rated as having a security impact of Moderate, and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | wpa_supplicant | Will not fix | ||
| Red Hat Enterprise Linux 6 | wpa_supplicant | Will not fix | ||
| Red Hat Enterprise Linux 8 | wpa_supplicant | Not affected | ||
| Red Hat Virtualization 4 | wpa_supplicant | Will not fix | ||
| Red Hat Enterprise Linux 7 | wpa_supplicant | Fixed | RHSA-2018:3107 | 30.10.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.3 High
CVSS3
Связанные уязвимости
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 through 2.6. Under certain conditions, the integrity of EAPOL-Key messages is not checked, leading to a decryption oracle. An attacker within range of the Access Point and client can abuse the vulnerability to recover sensitive information.
An issue was discovered in rsn_supp/wpa.c in wpa_supplicant 2.0 throug ...
EPSS
8.3 High
CVSS3