SUSE update for wpa_supplicant

1) Input validation error

EUVDB-ID: #VU40604

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2015-8041

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

Multiple integer overflows in the NDEF record parser in hostapd before 2.5 and wpa_supplicant before 2.5 allow remote attackers to cause a denial of service (process crash or infinite loop) via a large payload length field value in an (1) WPS or (2) P2P NFC NDEF record, which triggers an out-of-bounds read.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Key management errors

EUVDB-ID: #VU8837

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13077

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

3) Key management errors

EUVDB-ID: #VU8838

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13078

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

4) Key management errors

EUVDB-ID: #VU8839

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13079

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

5) Security restrictions bypass

EUVDB-ID: #VU9591

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to write arbitrary files on the target system.

The weakness exists due to Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the Group Temporal Key (GTK) during the group key handshake. An adjacent attacker can replay frames from access points to clients.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Key management errors

EUVDB-ID: #VU8840

Risk: Medium

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13080

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

The vulnerability is dubbed "KRACK" attack.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

7) Key management errors

EUVDB-ID: #VU8841

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13081

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

8) Key management errors

EUVDB-ID: #VU8842

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13082

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant to reinstall a previously used pairwise key.

The weakness exists in the processing of the 802.11i 4-way handshake messages of the WPA and WPA2 protocols due to ambiguities in the processing of associated protocol messages. An adjacent attacker can use man-in-the-middle techniques to retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

9) Key management errors

EUVDB-ID: #VU8845

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13086

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11z standard to reinstall a previously used TPK key.

The weakness exists in the processing of the 802.11z (Extensions to Direct-Link Setup) TDLS handshake messages due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop on a TDLS handshake and retransmit previously used message exchanges between supplicant and authenticator.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

10) Key management errors

EUVDB-ID: #VU8846

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13087

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used group key.

The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) Key management errors

EUVDB-ID: #VU8847

Risk: High

CVSSv3.1: 8.6 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2017-13088

CWE-ID: CWE-320 - Key Management Errors

Exploit availability: No

Description

The vulnerability allows an adjacent attacker to force a supplicant that is compliant with the 802.11v standard to reinstall a previously used integrity group key.

The weakness exists in the processing of the 802.11v (Wireless Network Management) Sleep Mode Response frames due to ambiguities in the processing of associated protocol messages. An adjacent attacker can passively eavesdrop and retransmit previously used WNM Sleep Mode Response frames.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

12) Improper input validation

EUVDB-ID: #VU14295

Risk: Low

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-14526

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause DoS condition on the target system.

The vulnerability exists on the systems where WPA2/RSN style of EAPOL-Key construction is used with TKIP negotiated as the pairwise cipher due to an error when processing malicious input. A remote attacker can send specially crafted unauthenticated EAPOL-Key frame data to modify the Group Transient Key (GTK) and prevent the target system from accepting group-addressed frames.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) NULL pointer dereference

EUVDB-ID: #VU31083

Risk: Medium

CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-11555

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in hostapd (EAP server) before 2.8 and wpa_supplicant (EAP peer) before 2.8 does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to a NULL pointer dereference (denial of service). This affects eap_server/eap_server_pwd.c and eap_peer/eap_pwd.c. A remote attacker can perform a denial of service (DoS) attack.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Information disclosure

EUVDB-ID: #VU20415

Risk: Low

CVSSv3.1: 4.6 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-13377

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to conduct time-based side-channel attacks on a targeted system.

The vulnerability exists due to insufficient security restrictions during the WPA3's Dragonfly handshake process when using Brainpool curves. A remote in radio range of the access point can observe timing differences and cache access patterns, conduct a side-channel attack and access sensitive information that could be used for full password recovery.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Information disclosure

EUVDB-ID: #VU23959

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9494

CWE-ID: CWE-200 - Information exposure

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the implementations of SAE are vulnerable to side channel attacks as a result of observable timing differences and cache access patterns. A remote attacker can gain leaked information from a side channel attack that can be used for full password recovery.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU23960

Risk: Low

CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9495

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the implementations of EAP-PWD are vulnerable to side-channel attacks as a result of cache access patterns. A remote attacker with ability to install and execute applications can crack weak passwords when memory access patterns are visible in a shared cache.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper Authentication

EUVDB-ID: #VU23962

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9497

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to the implementations of EAP-PWD in hostapd EAP Server and wpa_supplicant EAP Peer do not validate the scalar and element values in EAP-pwd-Commit. A remote attacker can complete EAP-PWD authentication without knowing the password and gain unauthorized access to the application.

However, unless the crypto library does not implement additional checks for the EC point, the attacker will not be able to derive the session key or complete the key exchange.

This vulnerability affects the following products:

• hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4

• hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7
  

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23963

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9498

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the implementations of EAP-PWD in hostapd EAP Server, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. A remote attacker can use invalid scalar/element values to complete authentication.

This vulnerability affects the following products:

• hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4

• hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Permissions, Privileges, and Access Controls

EUVDB-ID: #VU23964

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-9499

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to the implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. A remote attacker can complete authentication, session key and control of the data connection with a client.

This vulnerability affects the following products:

• hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4

• hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Out-of-bounds write

EUVDB-ID: #VU59104

Risk: Medium

CVSSv3.1: 6.7 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2021-0326

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input within the p2p_copy_client_info() function of p2p.c in wpa_suplicant. A remote attacker pass specially crafted input to the application, trigger out-of-bounds write and execute arbitrary code on the target system.

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

21) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU59839

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23303

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the implementations of SAE are vulnerable to side-channel attacks as a result of cache access patterns. A remote attacker with ability to install and execute applications can crack weak passwords when memory access patterns are visible in a shared cache.

Note, this vulnerability exists due to incomplete fix for #VU23959 (CVE-2019-9494).

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Use of a broken or risky cryptographic algorithm

EUVDB-ID: #VU59838

Risk: Low

CVSSv3.1: 4.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-23304

CWE-ID: CWE-327 - Use of a Broken or Risky Cryptographic Algorithm

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to sensitive information on the target system.

The vulnerability exists due to the implementations of EAP-PWD are vulnerable to side-channel attacks as a result of cache access patterns. A remote attacker with ability to install and execute applications can crack weak passwords when memory access patterns are visible in a shared cache.

Note, this vulnerability exists due to incomplete fix for #VU23960 (CVE-2019-9495).

Mitigation

Update the affected package wpa_supplicant to the latest version.

Vulnerable software versions

SUSE OpenStack Cloud Crowbar: 8 - 9

SUSE Linux Enterprise Server for SAP: 12-SP3 - 12-SP4

HPE Helion Openstack: 8

SUSE Linux Enterprise Server: 12-SP2-BCL - 12-SP4-LTSS

SUSE OpenStack Cloud: 8 - 9

wpa_supplicant-debugsource: before 2.9-15.22.1

wpa_supplicant-debuginfo: before 2.9-15.22.1

wpa_supplicant: before 2.9-15.22.1

External links

http://www.suse.com/support/update/announcement/2022/suse-su-20221853-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.