Bug 547492 (CVE-2015-1863) - <net-wireless/wpa_supplicant-2.4-r1: ESSID parsing buffer overflow vulnerability with p2p enabled (CVE-2015-1863)
Summary: <net-wireless/wpa_supplicant-2.4-r1: ESSID parsing buffer overflow vulnerabil...
Status: RESOLVED FIXED
Alias: CVE-2015-1863
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: http://w1.fi/security/2015-1/wpa_supp...
Whiteboard: B3 [glsa]
Duplicates: 547490
Reported: 2015-04-23 14:57 UTC by Hanno Böck
Modified: 2016-06-27 10:35 UTC

Description Hanno Böck gentoo-dev 2015-04-23 14:57:51 UTC
This sounds serious:
http://w1.fi/security/2015-1/wpa_supplicant-p2p-ssid-overflow.txt

p2p use flag is disabled by default in Gentoo, this will probably protect most users.

There's a patch:
http://w1.fi/security/2015-1/0001-P2P-Validate-SSID-element-length-before-copying-it-C.patch

Not sure if they'll produce a new release soon.
Comment 1 Alex Legler (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-04-23 15:01:43 UTC
*** Bug 547490 has been marked as a duplicate of this bug. ***
Comment 2 Rick Farina (Zero_Chaos) gentoo-dev 2015-04-27 18:27:52 UTC
It's a race, I've committed 2.4-r1 to fix this bug, but bug #524928 is also being fixed and stabilized. Which bug will we stabilize for first?
Comment 3 Yury German Gentoo Infrastructure gentoo-dev Security 2015-04-27 21:17:54 UTC
2.4-r1 is already stable. Going to clean up and vote.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev Security 2015-04-27 21:18:47 UTC
GLSA Vote: No
Comment 5 Kristian Fiskerstrand gentoo-dev Security 2015-04-30 18:57:52 UTC
GLSA Vote: No
Comment 6 Kristian Fiskerstrand gentoo-dev Security 2015-04-30 19:00:26 UTC
(In reply to Kristian Fiskerstrand from comment #5)
> GLSA Vote: No

This vulnerability on its own does not merit a GLSA, however adding this together with the GLSA for bug 524928
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2015-04-30 20:53:20 UTC
CVE-2015-1863 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-1863):
  Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows remote
  attackers to cause a denial of service (crash), read memory, or possibly
  execute arbitrary code via crafted SSID information in a management frame
  when creating or updating P2P entries.
Comment 8 Yury German Gentoo Infrastructure gentoo-dev Security 2015-04-30 20:54:22 UTC
Arches and Maintainer(s), Thank you for your work.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2016-06-27 10:35:45 UTC
This issue was resolved and addressed in
 GLSA 201606-17 at https://security.gentoo.org/glsa/201606-17
by GLSA coordinator Aaron Bauman (b-man).
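
The kind of check named in the upstream patch title linked in the description ("Validate SSID element length before copying it") and implied by the CVE text in comment 7, as an added C example that is neither wpa_supplicant's code nor the upstream patch. It relies on two facts: the SSID element's length field is one octet (0 to 255), while an SSID is at most 32 octets. `struct peer_entry`, `peer_set_ssid` and the sample byte arrays are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WLAN_EID_SSID 0   /* element ID of the SSID element (IEEE 802.11) */
#define SSID_MAX_LEN  32  /* an SSID is at most 32 octets */

/* Hypothetical per-peer record, not wpa_supplicant's own structure. */
struct peer_entry {
    uint8_t ssid[SSID_MAX_LEN];
    size_t  ssid_len;
};

/* Constructed sample element lists (id, length, payload ...). */
static const uint8_t ies_ok[] = { 0x00, 0x06, 'D','I','R','E','C','T', 0x01, 0x01, 0x82 };
static const uint8_t ies_long[2 + 64] = { 0x00, 0x40 };     /* claims a 64-octet SSID */
static const uint8_t ies_cut[] = { 0x00, 0x08, 'a', 'b' };  /* claims 8, carries 2 */

/* Copy the first SSID element in ies[] into peer. Returns 0 on success,
 * -1 if truncated or no SSID element, -2 if the SSID exceeds the buffer. */
int peer_set_ssid(struct peer_entry *peer, const uint8_t *ies, size_t ies_len)
{
    size_t pos = 0;
    while (ies_len - pos >= 2) {
        uint8_t id = ies[pos];
        size_t len = ies[pos + 1];          /* one octet on the wire: 0..255 */
        if (len > ies_len - pos - 2)
            return -1;                      /* element runs past the buffer */
        if (id == WLAN_EID_SSID) {
            if (len > SSID_MAX_LEN)
                return -2;                  /* would overflow peer->ssid: reject */
            memcpy(peer->ssid, ies + pos + 2, len);
            peer->ssid_len = len;
            return 0;
        }
        pos += 2 + len;
    }
    return -1;
}

int main(void)
{
    struct peer_entry p = { {0}, 0 };
    printf("%d %d %d\n", peer_set_ssid(&p, ies_ok, sizeof(ies_ok)),
           peer_set_ssid(&p, ies_long, sizeof(ies_long)), peer_set_ssid(&p, ies_cut, sizeof(ies_cut)));
    return 0;
}
```

Without the `len > SSID_MAX_LEN` test, the 64-octet sample would be copied into the 32-octet `ssid` field; with it, the stored entry is left untouched and the caller can drop the frame.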