Date: Tue, 3 May 2016 01:29:28 -0400 (EDT) From: cve-assign@...re.org To: j@...fi Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: hostapd/wpa_supplicant - psk configuration parameter update allowing arbitrary data to be written -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > Identifier: related to CVE-2016-2447 We understand the existence of the CVE-2016-2447 ID in http://source.android.com/security/bulletin/2016-05-01.html and that the reports credit Imre Rad; however, there are different exploitation scenarios that affect different versions from the perspective of hostapd/wpa_supplicant, and thus it is probably simplest for most people to have separate hostapd/wpa_supplicant CVE IDs. > WPA/WPA2 passphrase parameter ... to include control characters > The WPS trigger for this requires local user action to authorize the WPS > operation in which a new configuration would be received. The attacker > would also need to be in radio range of the device or have access to the > IP network to act as a WPS External Registrar. Such an attack could > result in denial of service by not allowing hostapd or wpa_supplicant to > start after they have been stopped. > > wpa_supplicant v0.6.7-v2.5 with CONFIG_WPS build option enabled > hostapd v0.6.7-v2.5 with CONFIG_WPS build option enabled Use CVE-2016-4476. > The local configuration update through the control interface SET_NETWORK > command could allow privilege escalation for the local user to run code > from a locally stored library file > > ... SET_CRED or SET commands, similar issue ... > > wpa_supplicant v0.4.0-v2.5 with control interface enabled Use CVE-2016-4477. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXKDatAAoJEHb/MwWLVhi2mqQQALY+roiB6xee2Ux/cpcPcVC0 jOTKd+hEVHKojwM0C0740Og5ruVwQnSF8L4ggrcSIlRw+rLa2zvyCz56HFLaO7VK UetNHBJej0XmLJBJBeg/BP+zZXLzym2ptjiQBW3FZorNoTE+baRxRUXGd14MSnOZ 7f00/E3omjRMm4+QutmiXL/iVARNYwdy2dYeeJfEFEw05l/YFjb/ozMjWIYvepEp sxxtaxuSTPnMMlMfbhb/EvpvxnCTw6SZBbz1mA9i48ex3VT2VFmuRBiAZa56pptU ghF4LeMhxmj2guc/G14To3VFc9Pj/Xd8qqMtk1E7n3Wg5ESd41ocFN6frav5MNDM PoyemIa86Z86d/dxlAd7GLMBDSrKN3Sgk/ENbUNyCIdCsFWIX9FPvipigZliiO9X KeMS5zAVqou8Cfq16VqtlsjIRq7cd0JwRWqzI3AvhMCyZz1FBVaQAe002grrs+TS 60ozbevL9AbtaCYvMIS4zE5kQAvbpPz6MWrwJMcv5NFbWLTB1+iHBkd9AB3N7Q4u ba/fY8RB244bmu37+vgSunkamEmRHLoGx8byUTUXtKP0Yc0lFvartdRjQncS2qlZ bzYhvTlR8QOJMgE+7Qf6aQhG0kwOMOrWN6IdIUGo8I5tTscZ+wtlICfiaH2/kEcw RBngwj4bI80CX0bZT6gV =f9JF -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ