Debian Linux Security Advisory 3052-1 - Jouni Malinen discovered an input sanitization issue in the wpa_cli and hostapd_cli tools included in the wpa package. A remote wifi system within range could provide a crafted string triggering arbitrary code execution running with privileges of the affected wpa_cli or hostapd_cli process.
753b9e912256fa78da742abe670ee67537c6c4abcae01ccf1d07b62619d1837f-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3052-1 security@debian.org
http://www.debian.org/security/ Michael Gilbert
October 15, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : wpa
CVE ID : CVE-2014-3686
Debian Bug : 765352
Jouni Malinen discovered an input sanitization issue in the wpa_cli and
hostapd_cli tools included in the wpa package. A remote wifi system
within range could provide a crafted string triggering arbitrary code
execution running with privileges of the affected wpa_cli or hostapd_cli
process.
For the stable distribution (wheezy), this problem has been fixed in
version 1.0-3+deb7u1.
For the testing distribution (jessie), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 2.3-1.
We recommend that you upgrade your wpa packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJUP0NCAAoJELjWss0C1vRzUI0f/0+0H+kYgMDFtpdD9ujvGd4J
Su4KrAw3ZfX+4HXaBn0LrF8siOMChdCmsNDGp54B3PnCTNNuC1I13wDu01jgqJGa
sQnnie4XeTKF3hRLm1BLIkp5ozwtLKxEZA1KYoaVOEJq/06wO7YGNJG+ObDMFcUG
pJbqqtpBaQ/f2NhY3N4RfOgBuVsEPDSw2vYA9aaXJp1gilOJWkenCvrIvmMwWnHu
bslSiqlv7TozQY387cPUKCco19mRcskkl87eaL2ptQ4q67p4yB2Rw6NHJp+HnC1T
EQhLBVJJiE0PTqYckVVtU0yRuj5yqgRB8Pgq6Qe7/n3LdKhemnMsT3QuTzMJbSUI
Dxro/54MM9NzggbqoqaCTZDkv3E6MuFvnkB1r5r/9I57L3f1iSX9sBU23LTRq146
dcvyaQZwB93rPHvM18tMOS+cnx2cylyQdwIxsSzOrfYbqBE6ibJ/VbQTUJAo/yEs
7wHDB5FN3KTfWygPS+MbiO+ZTuBlV7bGQs0lli07guDLkt8PPSjkctF/ycK4CiO1
u3DCDpoeB+7gN6kwHAEq+FlCH64UDac9YsZFXmvh+QBJ3hecy4Sg5vF0KnEzJaLb
6bQmoCnw4hXkBfqdMeVgdDQNmDTRMWM31gD1MKZmyXFQioeUeK7jIi8zWo7Q9LQp
bFIoegAgBXtjUNs2+XNyAWVUC61e5iPTzbPS4m9EibKNV2kKmcSDLvgyprz24Wrq
0sVVv2MC0tA6g5eD4Xkcjs4ERrgjcEJHye0p2pUkxOie0ln2olGnUmMIMp3LJ9au
zo7LAk1TI4KppJBRj0o34qykXU//M0mG+Y6I2GZMsfamqcCOPq41sXHpm8c/EyUA
Uv91COG9z3JfEvw8X6PHxU/ZB/K6mwi/8fldBTBXmCAGaBLyKF2m3IHhv7l9TWpx
qs70ldpz82yE9nP4j79su8qglrLF1X6Ef5ClySe7/l4DlkyKy1/LJc//7hG7ml8T
ukmiLoNDEDUMBKqOxX6w5fOVtoGDrn7jyZVlEgAhGSb78UckOKnaGgf+hLd/PD98
rCYuw9qoAbUYmja7PG5AKfxz7VfRL3rOvbt4DfBYXd1F6UiJVLLVmLOshBW050qe
AYxMCnjRFUYcWrOjX2YjAaEEYHvIA0ZewBWXo17/bKOK0GCAwm9v4xi263qjkC9F
2e3Qg1HaEMxwN4TFpEigpUL429OwLagvR/5nrd/XBl14WSXhbcUw4UENNd2L2bv9
wM2Y4UoB8q8X6T2Vb8CwYNW8t8hRRbB/caV6wQLeh0L1QMMFqf/SCBQ5VFRMXUag
GTknMs9oYCT0EXg0ketGSKKMfNzQLinUD1cFl+vbt7yw5aNGY9PqlqBQVMQCmBg=
=7z9s
-----END PGP SIGNATURE-----
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed