Date: Thu, 7 May 2015 15:15:07 +0300
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Jouni Malinen <j@...fi>
Subject: Re: CVE request: vulnerability in wpa_supplicant and hostapd

On Thu, May 07, 2015 at 01:58:27PM +0200, Martin Prpic wrote:
> Hi, I don't see a CVE assigned for this anywhere:
> 
> http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
> 
> "EAP-pwd missing payload length validation
> 
> A vulnerability was found in EAP-pwd server and peer implementation used
> in hostapd and wpa_supplicant, respectively. The EAP-pwd/Commit and
> EAP-pwd/Confirm message payload is processed without verifying that the
> received frame is long enough to include all the fields. This results in
> buffer read overflow of up to couple of hundred bytes."
> 
> Patches are included in: http://w1.fi/security/2015-4/

There are currently 5 sets of advisories+patches at:

http://w1.fi/security/

These are numbered 2014-1, 2015-[1234].  Out of them, it appears that
only 2014-1 (CVE-2014-3686) and 2015-1 (CVE-2015-1863) have been on
oss-security so far:

http://www.openwall.com/lists/oss-security/2014/10/09/28
http://www.openwall.com/lists/oss-security/2015/04/22/8

I haven't looked into this closely, but maybe Martin's request should
be for 2015-[234] rather than only for 2015-4.

And I'd like to see the full advisories posted in here so that they are
preserved in the list archives, unless there's a reason not to.  Jouni?

Alexander
