[ASA-201610-7] wpa_supplicant: multiple issues



Published: 2016-10-08
Risk: Low
Patch available: YES
Number of vulnerabilities: 2
CVE-ID: CVE-2016-4476, CVE-2016-4477
CWE-ID: CWE-88
Exploitation vector: Local network
Public exploit: N/A
Vulnerable software: Arch Linux (Operating systems & Components / Operating system)

Vendor: Arch Linux

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Denial of service

EUVDB-ID: #VU832

Risk: Low

CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4476

CWE-ID: CWE-88 - Argument Injection or Modification

Exploit availability: No

Description

The vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to improper writing of the configuration file when the WPA/WPA2 passphrase parameter is updated. If the parameter is updated through a WPS operation or local configuration, the resulting configuration file interrupts hostapd and wpa_supplicant functionality.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.

Mitigation

Update the affected package to version 1

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201610-7


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Privilege Escalation

EUVDB-ID: #VU833

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2016-4477

CWE-ID: CWE-88 - Argument Injection or Modification

Exploit availability: No

Description

The vulnerability allows a local user to gain elevated privileges on the target system.
The weakness exists due to an access control error. Updating the local configuration through the control interface SET_NETWORK command lets attackers run code from a locally stored library file with the same privileges as the wpa_supplicant process.
Successful exploitation of the vulnerability results in privilege escalation on the vulnerable system.

Mitigation

Update the affected package to version 1

Vulnerable software versions

Arch Linux: All versions

External links

http://security.archlinux.org/advisory/ASA-201610-7


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


