Message-ID: <20151110175020.GC7251@w1.fi>
Date: Tue, 10 Nov 2015 19:50:20 +0200
From: Jouni Malinen <j@...fi>
To: oss-security@...ts.openwall.com
Subject: wpa_supplicant: EAP-pwd peer error path failure on unexpected Confirm message

EAP-pwd peer error path failure on unexpected Confirm message

Published: November 10, 2015
Identifier: CVE-2015-5316
Latest version available from: http://w1.fi/security/2015-8/


Vulnerability

A vulnerability was found in EAP-pwd peer implementation used in
wpa_supplicant. If an EAP-pwd Confirm message is received unexpectedly
before the Identity exchange, the error path processing ended up
dereferencing a NULL pointer and terminating the process.

For wpa_supplicant with EAP-pwd enabled in a network configuration
profile, this could allow a denial of service attack by an attacker
within radio range.


Vulnerable versions/configurations

wpa_supplicant v2.3-v2.5 with CONFIG_EAP_PWD=y in the build
configuration (wpa_supplicant/.config) and EAP-pwd enabled in a network
profile at runtime.


Possible mitigation steps

- Merge the following commits and rebuild wpa_supplicant:

  EAP-pwd peer: Fix error path for unexpected Confirm message

  This patch is available from http://w1.fi/security/2015-8/

- Update to wpa_supplicant v2.6 or newer, once available

- Remove CONFIG_EAP_PWD=y from build configuration

- Disable EAP-pwd in runtime configuration

-- 
Jouni Malinen                                            PGP id EFC895FA
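
A check for the two configuration preconditions the advisory names (CONFIG_EAP_PWD=y in the build configuration and EAP-pwd enabled in a network profile), as an added example that is not part of the original message or of wpa_supplicant. The function names and sample configurations are constructed; treating a profile with no eap= line as allowing EAP-pwd is an assumption based on the wpa_supplicant.conf documentation, which says an unset eap allows all compiled-in methods. The version range (v2.3-v2.5) still has to be checked separately.

```python
import re

# Constructed sample inputs for illustration; not taken from the advisory.
SAMPLE_BUILD_CONFIG = "CONFIG_DRIVER_NL80211=y\n#CONFIG_EAP_FAST=y\nCONFIG_EAP_PWD=y\n"
SAMPLE_RUNTIME_CONFIG = """\
network={
    ssid="corp"
    key_mgmt=WPA-EAP
    eap=TTLS PWD
}
network={
    ssid="home"
    key_mgmt=WPA-PSK
}
network={
    ssid="lab"
    key_mgmt=WPA-EAP
}
"""

def build_has_eap_pwd(build_config):
    """True if an uncommented CONFIG_EAP_PWD=y line is present."""
    return any(re.fullmatch(r"CONFIG_EAP_PWD\s*=\s*y", line.strip())
               for line in build_config.splitlines())

def profiles_allowing_eap_pwd(runtime_config):
    """Return (ssid, reason) for each network block that can negotiate EAP-pwd."""
    hits = []
    for block in re.findall(r"^\s*network\s*=\s*\{(.*?)^\s*\}", runtime_config, re.S | re.M):
        lines = [l.strip() for l in block.splitlines()]
        fields = dict(l.split("=", 1) for l in lines if "=" in l and not l.startswith("#"))
        ssid = fields.get("ssid", "<no ssid>").strip('"')
        key_mgmt = fields.get("key_mgmt", "").upper().split()
        uses_eap = any("EAP" in k or k == "IEEE8021X" for k in key_mgmt)
        if "PWD" in fields.get("eap", "").upper().split():
            hits.append((ssid, "eap= lists PWD"))
        elif uses_eap and "eap" not in fields:
            # Assumption from wpa_supplicant.conf docs: unset eap= allows all built-in methods.
            hits.append((ssid, "eap= unset, all compiled-in methods allowed"))
    return hits

def audit(build_config, runtime_config):
    """Profiles meeting the advisory's precondition: built with EAP-pwd and enabled at runtime."""
    return profiles_allowing_eap_pwd(runtime_config) if build_has_eap_pwd(build_config) else []

if __name__ == "__main__":
    for ssid, reason in audit(SAMPLE_BUILD_CONFIG, SAMPLE_RUNTIME_CONFIG):
        print(f"{ssid}: {reason}")
```

A profile reported with "eap= unset" can be taken out of scope by adding an explicit eap= list that omits PWD, which corresponds to the advisory's "Disable EAP-pwd in runtime configuration" step.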