Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 153423 - net-misc/xsupplicant: eap_do_notify() buffer overflow from a local network (CVE-2006-560[12])
Summary: net-misc/xsupplicant: eap_do_notify() buffer overflow from a local network (C...
Status: RESOLVED DUPLICATE of bug 154995
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
URL: http://secunia.com/advisories/22612/
Whiteboard: C1 [ebuild] Falco
Keywords:
Depends on:
Blocks:
 
Reported: 2006-10-30 02:54 UTC by Raphael Marichez (Falco) (RETIRED)
Modified: 2006-11-20 23:14 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-10-30 02:54:24 UTC 
Hi latexer, there's a vulnerability in xsupplicant according to secunia that can lead to the remote execution of arbitrary code from a local network.

Please could you bump out 1.2.8, thanks.
No stabilisation request will be needed because there's no stable arch for this package.



Description:
A vulnerability has been reported in Xsupplicant, which potentially can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the "eap_do_notify()" function. This can be exploited to cause a stack-based buffer overflow by sending a specially crafted EAP packet.

Successful exploitation may allow the execution of arbitrary code with "root" privileges.

Solution:
Update to version 1.2.8.
Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2006-11-20 23:14:39 UTC 
Since we appear to have a bit more info on bug #154995, I'm closing this one eventhough it was the first.

*** This bug has been marked as a duplicate of 154995 ***