CVE-2006-5601: Buffer Overflow
First published: Sat Oct 28 2006(Updated: )
Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| wpa_supplicant | =0.7 | |
| wpa_supplicant | =1.2pre1 | |
| wpa_supplicant | =1.0pre1 | |
| wpa_supplicant | =0.5 | |
| wpa_supplicant | =1.0.1 | |
| wpa_supplicant | =1.2.2 | |
| wpa_supplicant | =1.2 | |
| wpa_supplicant | =0.8b | |
| wpa_supplicant | =1.0 | |
| wpa_supplicant | =1.2.3 | |
| wpa_supplicant | =1.2.4 | |
| wpa_supplicant | =0.6 | |
| wpa_supplicant | <=1.2.5 | |
| wpa_supplicant | =1.2.1 | |
| wpa_supplicant | =0.8 | |
| wpa_supplicant | =1.0pre2 | |
| <=1.2.5 | ||
| =0.5 | ||
| =0.6 | ||
| =0.7 | ||
| =0.8 | ||
| =0.8b | ||
| =1.0 | ||
| =1.0.1 | ||
| =1.0pre1 | ||
| =1.0pre2 | ||
| =1.2 | ||
| =1.2.1 | ||
| =1.2.2 | ||
| =1.2.3 | ||
| =1.2.4 | ||
| =1.2pre1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/20775
- http://open1x.cvs.sourceforge.net/open1x/xsupplicant/src/eap.c?r1=1.135&r2=1.136
- http://secunia.com/advisories/22612
- http://secunia.com/advisories/22641
- http://www.novell.com/linux/security/advisories/2007_01_sr.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:189
- http://www.vupen.com/english/advisories/2006/4233
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29902
Frequently Asked Questions
What is the severity of CVE-2006-5601?
CVE-2006-5601 has a high severity due to its stack-based buffer overflow vulnerability that can allow remote code execution.
How do I fix CVE-2006-5601?
To fix CVE-2006-5601, update xsupplicant to version 1.2.6 or later.
Who is affected by CVE-2006-5601?
Users of xsupplicant versions before 1.2.6 are affected by CVE-2006-5601.
What type of vulnerability is CVE-2006-5601?
CVE-2006-5601 is a stack-based buffer overflow vulnerability.
What might an attacker achieve with CVE-2006-5601?
An attacker could execute arbitrary code on a vulnerable system due to CVE-2006-5601.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- agent/tags
- vendor/xsupplicant
- canonical/wpa_supplicant
- version/wpa_supplicant/0.7
- version/wpa_supplicant/1.2pre1
- version/wpa_supplicant/1.0pre1
- version/wpa_supplicant/0.5
- version/wpa_supplicant/1.0.1
- version/wpa_supplicant/1.2.2
- version/wpa_supplicant/1.2
- version/wpa_supplicant/0.8b
- version/wpa_supplicant/1.0
- version/wpa_supplicant/1.2.3
- version/wpa_supplicant/1.2.4
- version/wpa_supplicant/0.6
- version/wpa_supplicant/1.2.5
- version/wpa_supplicant/1.2.1
- version/wpa_supplicant/0.8
- version/wpa_supplicant/1.0pre2