[v3.0] wpa_supplicant, hostapd: wpa_cli and hostapd_cli action script execution vulnerability (CVE-2014-3686)
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allow remote attackers to execute arbitrary commands via a crafted frame.
References:
http://seclists.org/oss-sec/2014/q4/267
•MLIST:[oss-security] 20141009 wpa_cli and hostapd_cli action script execution vulnerability
•URL: http://www.openwall.com/lists/oss-security/2014/10/09/28
•CONFIRM: http://w1.fi/security/2014-1/
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1151259
•DEBIAN:DSA-3052
•URL: http://www.debian.org/security/2014/dsa-3052
•SUSE:openSUSE-SU-2014:1313
•URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00027.html
•SUSE:openSUSE-SU-2014:1314
•URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00028.html
•UBUNTU:USN-2383-1
•URL: http://www.ubuntu.com/usn/USN-2383-1
•BID:70396
•URL: http://www.securityfocus.com/bid/70396
•SECUNIA:60366
•URL: http://secunia.com/advisories/60366
•SECUNIA:60428
•URL: http://secunia.com/advisories/60428
•SECUNIA:61271
•URL: http://secunia.com/advisories/61271
(from redmine: issue id 3522, created on 2014-11-12, closed on 2015-06-16)
- Relations:
  - parent #3518 (closed)
- Changesets:
  - Revision a190cd66 by Natanael Copa on 2015-06-15T12:02:59Z:
    main/wpa_supplicant: upgrade to 2.3 and various security fixes
    CVE-2014-3686
    CVE-2015-4141
    CVE-2015-4142
    CVE-2015-4143
    CVE-2015-4144
    CVE-2015-4145
    CVE-2015-4146
    fixes #4342
    fixes #4268
    fixes #3522
  - Revision 74dfdf99 by Natanael Copa on 2015-06-15T12:06:03Z:
    main/hostapd: security upgrade to 2.3 (CVE-2014-3686)
    fixes #3522