ISS X-Force Database: wpasupplicant-bo(19357): wpa

wpa_supplicant buffer overflow

wpasupplicant-bo (19357)

Low Risk

Description:

wpa_supplicant is vulnerable to a denial of service attack, caused by a buffer overflow in the EAPOL-Key frames. A remote attacker could send a specially-crafted packet to wpa_supplicant to overflow a buffer and cause a segmentation fault or possibly cause the service to crash.

Platforms Affected:

Gentoo, Linux
Jouni Malinen, wpa_supplicant

Remedy:

Upgrade to the latest version of wpa_supplicant (0.3.8 or later), available from the wpa_supplicant Web page. See References.

— OR —

Apply the patch for this vulnerability, available from the wpa_supplicant - new stable release document dated Sun Feb 13 18:35:31 MST 2005 . See References.

For Gentoo Linux:
Upgrade to the latest version of wpa_supplicant (0.2.7 or later), as listed in GLSA 200502-22. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Denial of Service

References:

Bugzilla Bug 81993, net-wireless/wpa_supplicant buffer overflow at http://bugs.gentoo.org/show_bug.cgi?id=81993.
wpa_supplicant - new stable release document, Sun Feb 13 18:35:31 MST 2005, wpa_supplicant - new stable releases v0.3.8 and v0.2.7 at http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html.
wpa_supplicant Web page, Linux WPA/WPA2/IEEE 802.1X Supplicant at http://hostap.epitest.fi/wpa_supplicant/.
BID-12664: WPA_Supplicant Remote Buffer Overflow Vulnerability
CVE-2005-0470: Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
GLSA-200502-22: wpa_supplicant: Buffer overflow vulnerability
SA14313: wpa_supplicant EAPOL-Key Frames Buffer Overflow
SECTRACK ID: 1013226: wpa_supplicant Key Data Length Missing Validation Lets Remote Users Crash the Service

Reported:

Feb 16, 2005

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page