OpenSUSE Linux update for hostapd
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 15 |
| CVE-ID | CVE-2015-1863 CVE-2015-4141 CVE-2015-4142 CVE-2015-4143 CVE-2015-4144 CVE-2015-4145 CVE-2015-5314 CVE-2016-4476 CVE-2017-13078 CVE-2017-13079 CVE-2017-13080 CVE-2017-13081 CVE-2017-13087 CVE-2017-13088 |
| CWE-ID | CWE-122 CWE-119 CWE-399 CWE-88 CWE-320 CWE-264 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #9 is available. Public exploit code for vulnerability #10 is available. Public exploit code for vulnerability #12 is available. Public exploit code for vulnerability #13 is available. Public exploit code for vulnerability #14 is available. Public exploit code for vulnerability #15 is available. |
| Vulnerable software Subscribe |
Opensuse Operating systems & Components / Operating system |
| Vendor | SUSE |
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Heap-based buffer overflow
EUVDB-ID: #VU32294
Risk: Medium
CVSSv3.1: 5.5 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-1863
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4. A remote attacker can use crafted SSID information in a management frame when creating or updating P2P entries. to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Heap-based buffer overflow
EUVDB-ID: #VU33633
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:U/RC:C]
CVE-ID: CVE-2015-4141
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in The WPS UPnP function in hostapd, when using WPS AP, and wpa_supplicant, when using WPS external registrar (ER), 0.7.0 through 2.4. A remote attacker can use a negative chunk length to trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Buffer overflow
EUVDB-ID: #VU32295
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-4142
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
Integer underflow in the WMM Action frame parser in hostapd 0.5.5 through 2.4 and wpa_supplicant 0.7.0 through 2.4, when used for AP mode MLME/SME functionality, allows remote attackers to cause a denial of service (crash) via a crafted frame, which triggers an out-of-bounds read.
MitigationUpdate the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Buffer overflow
EUVDB-ID: #VU40718
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-4143
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.
MitigationUpdate the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Buffer overflow
EUVDB-ID: #VU40717
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-4144
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate that a message is long enough to contain the Total-Length field, which allows remote attackers to cause a denial of service (crash) via a crafted message.
MitigationUpdate the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Resource management error
EUVDB-ID: #VU40716
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-4145
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to perform service disruption.
The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 does not validate a fragment is already being processed, which allows remote attackers to cause a denial of service (memory leak) via a crafted message.
MitigationUpdate the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Memory corruption
EUVDB-ID: #VU11265
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2015-5314
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to cause DoS condition on the target system.
The weakness exists in the eap_pwd_process function due to missing last fragment length validation. An adjacent attacker can submit a large buffer fragment in an EAP-pwd message, trigger memory corruption and cause the service to crash.
Update the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Denial of service
EUVDB-ID: #VU832
Risk: Low
CVSSv3.1: 5.2 [CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2016-4476
CWE-ID:
CWE-88 - Argument Injection or Modification
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated user to cause DoS conditions on the target system.
The weakness is due to improper writing of configuration file update for the WPA/WPA2 passphrase parameter. If the parameter is updated through a WPS operation or local configuration, the resulting configuration file leads to interruption of the hostapd and wpa supplicant functionality.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
Update the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Key management errors
EUVDB-ID: #VU8838
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13078
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Update the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
10) Key management errors
EUVDB-ID: #VU8839
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13079
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Update the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
11) Security restrictions bypass
EUVDB-ID: #VU9591
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13080
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to write arbitrary files on the target system.
The weakness exists due to Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake. An adjacent attacker can replay frames from access points to clients.
Update the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Key management errors
EUVDB-ID: #VU8840
Risk: Medium
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13080
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
The vulnerability is dubbed "KRACK" attack.
Update the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
13) Key management errors
EUVDB-ID: #VU8841
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13081
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.
Update the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
14) Key management errors
EUVDB-ID: #VU8846
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13087
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.
The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.
Update the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
15) Key management errors
EUVDB-ID: #VU8847
Risk: High
CVSSv3.1: 9.1 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2017-13088
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.
The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.
Update the affected packages.
Opensuse: 42.2 - 42.3
External linkshttp://lists.opensuse.org/opensuse-security-announce/2017-10/msg00083.html
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
