First published: Fri Oct 10 2014(Updated: )
Jouni Malinen discovered that a string supplied from a remote device could be supplied to a system() call in wpa_cli or hostapd_cli when running an action script (with the "-a" option), resulting in arbitrary command execution. This issue could also be triggered by an attacker within radio range. Patches are available from the following: <a href="http://w1.fi/security/2014-1/">http://w1.fi/security/2014-1/</a> Based on the information about affected configurations in the upstream advisory, Red Hat Enterprise Linux 5 is likely to be not vulnerable, but Red Hat Enterprise Linux 6 and 7 are likely to be vulnerable. Acknowledgements: Red Hat would like to thank Jouni Malinen for reporting this issue. References: <a href="http://w1.fi/security/2014-1/">http://w1.fi/security/2014-1/</a> <a href="http://www.openwall.com/lists/oss-security/2014/10/09/28">http://www.openwall.com/lists/oss-security/2014/10/09/28</a>
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
W1.fi Hostapd | =0.7.2 | |
W1.fi Hostapd | =1.0 | |
W1.fi Hostapd | =1.1 | |
W1.fi Hostapd | =2.0 | |
W1.fi Hostapd | =2.1 | |
W1.fi Hostapd | =2.2 | |
W1.fi Wpa Supplicant | =0.72 | |
W1.fi Wpa Supplicant | =1.0 | |
W1.fi Wpa Supplicant | =1.1 | |
W1.fi Wpa Supplicant | =2.0 | |
W1.fi Wpa Supplicant | =2.1 | |
W1.fi Wpa Supplicant | =2.2 | |
Canonical Ubuntu Linux | =10.04 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Debian Debian Linux | =6.0 | |
redhat/wpa_supplicant | <2.3 | 2.3 |
redhat/hostapd | <2.3 | 2.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.