You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa wpa i wpasupplicant

Sigurnosni nedostatak programskog paketa wpa i wpasupplicant

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LUB

==========================================================================
Ubuntu Security Notice USN-2383-1
October 14, 2014

wpa, wpasupplicant vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 14.04 LTS
– Ubuntu 12.04 LTS
– Ubuntu 10.04 LTS

Summary:

wpa_supplicant could be made to run programs if it received specially
crafted network traffic.

Software Description:
– wpa: client support for WPA and WPA2
– wpasupplicant: client support for WPA and WPA2

Details:

Jouni Malinen discovered that the wpa_cli tool incorrectly sanitized
strings when being used with action scripts. A remote attacker could
possibly use this issue to execute arbitrary commands.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
wpasupplicant 2.1-0ubuntu1.1

Ubuntu 12.04 LTS:
wpasupplicant 0.7.3-6ubuntu2.3

Ubuntu 10.04 LTS:
wpasupplicant 0.6.9-3ubuntu3.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References:
http://www.ubuntu.com/usn/usn-2383-1
CVE-2014-3686

Package Information:
https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.1
https://launchpad.net/ubuntu/+source/wpasupplicant/0.7.3-6ubuntu2.3
https://launchpad.net/ubuntu/+source/wpasupplicant/0.6.9-3ubuntu3.2

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJUPW9QAAoJEGVp2FWnRL6TXSQP/120iwCTD3rzZnaWAx+L1zsH
Epbde9r7fhau5Exztq3qlFr8nkXKJdB/aghZnkd+mAKdU3b65oR0Ga8C2F9UCPOX
j5nVLW+mdT2yaour+kqPpzKoWMu5z/WjAI6KAu3+/PYFmC1e1E52E1WETbiqbGgY
p3c2EaUCNTI9WJE4gMesBHdhXsvpiz5rRQUhjtr+3QxlGBD7VKs+eT/e2YmKyZeV
8v2Klqu6AYfKn91GxqCk43vku8RorKg1EW8qeJH+1vlg6+nwql1Z0jxX//G86MZW
tQ1kq98PMPJ/18JffnL8VjG1zk7L6CWSWiDY6Uq00ht+tisiNCUHeYS96Lx8EOYy
7Zn1a9SZ9dQkwDH7qTNxLoD1yuCk0P6HZEAZRHTECPLPguzItcNbaNAEfM2xrIxJ
j5jsFd2p2D9Aj4cno0L/61N8gREwyAIWFWySrMA03LvK7DZ1PAwmulX9Z2dHyxLD
SC0O1nmuonw1/PPzYPHB8C/Nhhtr7HPboo0oKvtQcVViyy6htNJvlxf8kuvKj4Kv
lZKSjfdZ+NHHOkOr7yvOeqCazjI0oXJU1cOuF352OFEtY5l3WVjE7MIvXnJBGGYE
FyN/JAIA5owK5tEhVjNVsWJ0F+KTM8lfy5s9pLpQhHI1TVyh/Zh8LVqpVj9H/K7+
n6nZT39UdtFeSnwYiZ1i
=aybO
—–END PGP SIGNATURE—–

AutorMarko Stanec
Cert idNCERT-REF-2014-10-0001-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Sigurnosni nedostaci programskog paketa wireshark

Otkriveni su sigurnosni nedostaci u programskom paketu wireshark za operacijski sustav Debian. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja...

Close