Module Name: src
Committed By: christos
Date: Tue Nov 10 18:39:40 UTC 2015
Modified Files:
src/external/bsd/wpa/dist/wpa_supplicant: wnm_sta.c
Log Message:
Apply patch by Jouni Malinen. We don't have CONFIG_EAP_PWD enabled so we are
not affected:
EAP-pwd peer error path failure on unexpected Confirm message
Published: November 10, 2015
Identifier: CVE-2015-5316
Latest version available from: http://w1.fi/security/2015-8/
Vulnerability
A vulnerability was found in EAP-pwd peer implementation used in
wpa_supplicant. If an EAP-pwd Confirm message is received unexpectedly
before the Identity exchange, the error path processing ended up
dereferencing a NULL pointer and terminating the process.
For wpa_supplicant with EAP-pwd enabled in a network configuration
profile, this could allow a denial of service attack by an attacker
within radio range.
Vulnerable versions/configurations
wpa_supplicant v2.3-v2.5 with CONFIG_EAP_PWD=y in the build
configuration (wpa_supplicant/.config) and EAP-pwd enabled in a network
profile at runtime.
Possible mitigation steps
- Merge the following commits and rebuild wpa_supplicant:
EAP-pwd peer: Fix error path for unexpected Confirm message
This patch is available from http://w1.fi/security/2015-8/
- Update to wpa_supplicant v2.6 or newer, once available
- Remove CONFIG_EAP_PWD=y from build configuration
- Disable EAP-pwd in runtime configuration
To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3 -r1.2 \
src/external/bsd/wpa/dist/wpa_supplicant/wnm_sta.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
