Denial of service in hostapd (Alpine package)



Published: 2016-05-30
Risk: Low
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2016-4476
CWE-ID: CWE-88
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software
hostapd (Alpine package)
Operating systems & Components / Operating system package or component

Vendor: Alpine Linux Development Team

Security Bulletin

This security bulletin contains one low-risk vulnerability.

1) Denial of service

EUVDB-ID: #VU832

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4476

CWE-ID: CWE-88 - Argument Injection or Modification

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated user to cause a denial of service (DoS) condition on the target system.
The weakness exists because the configuration file update for the WPA/WPA2 passphrase parameter is written improperly. If the parameter is updated through a WPS operation or local configuration, the resulting configuration file interrupts hostapd and wpa_supplicant functionality.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Mitigation

Install the update from the vendor's website.

Vulnerable software versions

hostapd (Alpine package): 2.3-r1

External links

http://git.alpinelinux.org/aports/commit/?id=ca078d6aac05d0fb304ddb80568e15359fec83db
http://git.alpinelinux.org/aports/commit/?id=6accf4596e89dcb7b86120055f9bdbf781b15bc0
http://git.alpinelinux.org/aports/commit/?id=3aeb57ec96caa3b0c85bc950e5fd36f43bcd48fe
http://git.alpinelinux.org/aports/commit/?id=a2dcdd15792e8717e6b73abca56c08bd165e93ab
http://git.alpinelinux.org/aports/commit/?id=b4524773c4a5e380611753a5beca87c6791538c8


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


