Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

CentOS Update for wpa_supplicant CESA-2015:1090 centos7

Information

Severity

Severity

Medium

Family

Family

CentOS Local Security Checks

CVSSv2 Base

CVSSv2 Base

5.8

CVSSv2 Vector

CVSSv2 Vector

AV:A/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Solution Type

Vendor Patch

Created

Created

8 years ago

Modified

Modified

5 years ago

Summary

Check the version of wpa_supplicant

Insight

Insight

The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 (IEEE 802.11i / RSN), and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A buffer overflow flaw was found in the way wpa_supplicant handled SSID information in the Wi-Fi Direct / P2P management frames. A specially crafted frame could allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash or, possibly, execute arbitrary code. (CVE-2015-1863) An integer underflow flaw, leading to a buffer over-read, was found in the way wpa_supplicant handled WMM Action frames. A specially crafted frame could possibly allow an attacker within Wi-Fi radio range to cause wpa_supplicant to crash. (CVE-2015-4142) Red Hat would like to thank Jouni Malinen of the wpa_supplicant upstream for reporting the CVE-2015-1863 issue. Upstream acknowledges Alibaba security team as the original reporter. This update also adds the following enhancement: * Prior to this update, wpa_supplicant did not provide a way to require the host name to be listed in an X.509 certificate's Common Name or Subject Alternative Name, and only allowed host name suffix or subject substring checks. This update introduces a new configuration directive, 'domain_match', which adds a full host name check. (BZ#1178263) All wpa_supplicant users are advised to upgrade to this updated package, which contains backported patches to correct these issues and add this enhancement. After installing this update, the wpa_supplicant service will be restarted automatically.

Affected Software

Affected Software

wpa_supplicant on CentOS 7

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Please install the updated packages.

Common Vulnerabilities and Exposures (CVE)