Slackware update for wpa_supplicant



Published: 2021-12-29 | Updated: 2022-08-07
Risk: Medium
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2021-0326, CVE-2021-0535, CVE-2020-12695, CVE-2019-16275, CVE-2021-27803, CVE-2021-30004
CWE-ID: CWE-787, CWE-416, CWE-20, CWE-399
Exploitation vector: Network
Public exploit: Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #3 is available.
Vulnerable software: Slackware Linux (Operating systems & Components / Operating system)
Vendor: Slackware

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU59104

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-0326

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise a vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the p2p_copy_client_info() function of p2p.c in wpa_supplicant. A remote attacker can pass specially crafted input to the application, trigger an out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.501086

2) Use-after-free

EUVDB-ID: #VU59105

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-0535

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the wpas_ctrl_msg_queue_timeout() function of the ctrl_iface_unix.c file in wpa_supplicant. A local user can pass specially crafted data to the application, trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.501086

3) Input validation error

EUVDB-ID: #VU28948

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-12695

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to perform a distributed denial of service (DDoS) attack.

The vulnerability exists due to a CallStranger issue in the UPnP SUBSCRIBE functionality. A remote attacker can send traffic to arbitrary destinations, leading to amplified DDoS attacks and data exfiltration.

Mitigation

Update the affected package.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.501086

4) Input validation error

EUVDB-ID: #VU21420

Risk: Low

CVSSv3.1:

CVE-ID: CVE-2019-16275

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists because the affected software allows an incorrect indication of disconnection in certain situations, as source address validation is mishandled. A remote attacker in radio range of the access point can send a specially crafted 802.11 frame and cause a denial of service condition on the target system.

Mitigation

Update the affected package.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.501086

5) Resource management error

EUVDB-ID: #VU55968

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-27803

CWE-ID: CWE-399 - Resource Management Errors

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to improper management of internal resources when processing P2P (Wi-Fi Direct) provision discovery requests in p2p/p2p_pd in wpa_supplicant. A remote attacker within radio range can send a specially crafted request to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.501086

6) Input validation error

EUVDB-ID: #VU59106

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2021-30004

CWE-ID: CWE-20 - Improper Input Validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the tls/pkcs1.c and tls/x509v3.c files in wpa_supplicant and hostapd when handling AlgorithmIdentifier parameters. A remote attacker can pass specially crafted input to the application and perform a MitM attack.

Mitigation

Update the affected package.

Vulnerable software versions

Slackware Linux: 14.0 - 14.2


External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2021&m=slackware-security.501086
