RHSA-2014:1956-01 -- Redhat wpa_supplicantID: oval:org.secpod.oval:def:501461 | Date: (C)2014-12-12 (M)2022-09-22 |
Class: PATCH | Family: unix |
The wpa_supplicant package contains an 802.1X Supplicant with support for WEP, WPA, WPA2 , and various EAP authentication methods. It implements key negotiation with a WPA Authenticator for client stations and controls the roaming and IEEE 802.11 authentication and association of the WLAN driver. A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script , and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code. Red Hat would like to thank Jouni Malinen for reporting this issue. All wpa_supplicant users are advised to upgrade to this updated package, which contains a backported patch to correct this issue.
Platform: |
Red Hat Enterprise Linux 7 |