Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 768759 - <net-wireless/wpa_supplicant-2.9-r3: multiple vulnerabilities
Summary: <net-wireless/wpa_supplicant-2.9-r3: multiple vulnerabilities
Status: IN_PROGRESS
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://w1.fi/security/2020-2/wpa_sup...
Whiteboard: B2 [glsa?]
Keywords:
Depends on:
Blocks: 780138
  Show dependency tree
 
Reported: 2021-02-05 04:01 UTC by Sam James
Modified: 2021-07-25 01:06 UTC (History)
2 users (show)

See Also:
Package list:
net-wireless/wpa_supplicant-2.9-r5
Runtime testing required: ---
nattka: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-05 04:01:03 UTC
Description:
"A vulnerability was discovered in how wpa_supplicant processing P2P
(Wi-Fi Direct) group information from active group owners. The actual
parsing of that information validates field lengths appropriately, but
processing of the parsed information misses a length check when storing
a copy of the secondary device types. This can result in writing
attacker controlled data into the peer entry after the area assigned for
the secondary device type.

The overflow can result in corrupting
pointers for heap allocations.

This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially arbitrary code execution."

Advisory: https://w1.fi/security/2020-2/wpa_supplicant-p2p-group-info-processing-vulnerability.txt

Patch: https://w1.fi/security/2020-2/0001-P2P-Fix-copying-of-secondary-device-types-for-P2P-gr.patch
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-02-05 04:01:15 UTC
Please apply the patch, thanks!
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-02-27 04:01:55 UTC
Ping
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-08 05:33:49 UTC
There's also 2021-1:

https://w1.fi/security/2021-1/


Vulnerability

A vulnerability was discovered in how wpa_supplicant processes P2P
(Wi-Fi Direct) provision discovery requests. Under a corner case
condition, an invalid Provision Discovery Request frame could end up
reaching a state where the oldest peer entry needs to be removed. With
a suitably constructed invalid frame, this could result in use
(read+write) of freed memory. This can result in an attacker within
radio range of the device running P2P discovery being able to cause
unexpected behavior, including termination of the wpa_supplicant process
and potentially code execution.


Vulnerable versions/configurations
Comment 4 Larry the Git Cow gentoo-dev 2021-06-08 05:41:21 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a67f782dde9b277d96bdc762475a4ff551268061

commit a67f782dde9b277d96bdc762475a4ff551268061
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-06-08 05:39:50 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-06-08 05:41:14 +0000

    net-wireless/wpa_supplicant: add security patches
    
    Patches for:
    * Upstream advisories 2020-2, 2021-1
    * CVE-2021-30004
    
    Bug: https://bugs.gentoo.org/768759
    Bug: https://bugs.gentoo.org/780138
    Signed-off-by: Sam James <sam@gentoo.org>

 net-wireless/wpa_supplicant/Manifest               |   1 +
 .../wpa_supplicant/wpa_supplicant-2.9-r3.ebuild    | 475 +++++++++++++++++++++
 2 files changed, 476 insertions(+)
Comment 5 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-17 20:18:40 UTC
amd64 done
Comment 6 NATTkA bot gentoo-dev 2021-06-17 22:20:40 UTC Comment hidden (obsolete)
Comment 7 Agostino Sarubbo gentoo-dev 2021-06-18 06:28:02 UTC
ppc stable
Comment 8 Agostino Sarubbo gentoo-dev 2021-06-18 06:28:57 UTC
ppc64 stable
Comment 9 Agostino Sarubbo gentoo-dev 2021-06-18 06:30:14 UTC
x86 stable
Comment 10 Sergei Trofimovich (RETIRED) gentoo-dev 2021-06-19 18:48:24 UTC
commit did not drop any keywords:

commit 99e1e98f29e5d21a2baf0aaaa79455f611f25096
Author: Thomas Deutschmann <whissi@gentoo.org>
Date:   Fri Jun 18 00:07:03 2021 +0200

    net-wireless/wpa_supplicant: rev bump for commit f9b8bde6b

+       KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 ~sparc x86"
Comment 11 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-19 21:12:34 UTC
(In reply to Sergei Trofimovich from comment #10)
> commit did not drop any keywords:
> 
> commit 99e1e98f29e5d21a2baf0aaaa79455f611f25096
> Author: Thomas Deutschmann <whissi@gentoo.org>
> Date:   Fri Jun 18 00:07:03 2021 +0200
> 
>     net-wireless/wpa_supplicant: rev bump for commit f9b8bde6b
> 
> +       KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 ~sparc x86"

I’m not sure what you mean… we were already stabilising for a security bug. We’re stable keywords accidentally added?
Comment 12 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-19 22:01:23 UTC
(In reply to Sam James from comment #11)
> (In reply to Sergei Trofimovich from comment #10)
> > commit did not drop any keywords:
> > 
> > commit 99e1e98f29e5d21a2baf0aaaa79455f611f25096
> > Author: Thomas Deutschmann <whissi@gentoo.org>
> > Date:   Fri Jun 18 00:07:03 2021 +0200
> > 
> >     net-wireless/wpa_supplicant: rev bump for commit f9b8bde6b
> > 
> > +       KEYWORDS="~alpha amd64 arm arm64 ~ia64 ~mips ppc ppc64 ~sparc x86"
> 
> I’m not sure what you mean… we were already stabilising for a security bug.
> We’re stable keywords accidentally added?

Aha: https://bugs.gentoo.org/780135#c8.
Comment 13 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-19 23:51:36 UTC
x86 done
Comment 14 Agostino Sarubbo gentoo-dev 2021-06-21 06:18:35 UTC
ppc stable
Comment 15 Agostino Sarubbo gentoo-dev 2021-06-21 06:19:07 UTC
ppc64 stable
Comment 16 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-22 19:38:05 UTC
arm done
Comment 17 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-06-23 14:23:31 UTC
arm64 done

all arches done
Comment 18 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-06-23 21:23:24 UTC
Please cleanup.