[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

CESA-2014:1956 -- centos 7 wpa_supplicant

ID: oval:org.secpod.oval:def:203491Date: (C)2014-12-12   (M)2022-10-10
Class: PATCHFamily: unix




The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script , and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code. Red Hat would like to thank Jouni Malinen for reporting this issue. All wpa_supplicant users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.

Platform:
CentOS 7
Product:
wpa_supplicant
Reference:
CESA-2014:1956
CVE-2014-3686
CVE    1
CVE-2014-3686
CPE    7
cpe:/a:w1.fi:wpa_supplicant:0.72
cpe:/a:w1.fi:wpa_supplicant:2.2
cpe:/a:w1.fi:wpa_supplicant:2.1
cpe:/o:centos:centos:7
...

© SecPod Technologies