Detections
Analytics

Slackware Linux 14.0 / 14.1 / 14.2 / current wpa_supplicant Multiple Vulnerabilities (SSA:2021-362-01)

high Nessus Plugin ID 156338

Language:

Synopsis

The remote Slackware Linux host is missing a security update to wpa_supplicant.

Description

The version of wpa_supplicant installed on the remote host is prior to 2.9. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2021-362-01 advisory.

 - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. (CVE-2019-16275)

 - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different network segment than the fully qualified event- subscription URL, aka the CallStranger issue. (CVE-2020-12695)

 - In p2p_copy_client_info of p2p.c, there is a possible out of bounds write due to a missing bounds check.
 This could lead to remote code execution if the target device is performing a Wi-Fi Direct search, with no additional execution privileges needed. User interaction is not needed for exploitation.Product:
 AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-172937525 (CVE-2021-0326)

 - In wpas_ctrl_msg_queue_timeout of ctrl_iface_unix.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168314741 (CVE-2021-0535)

 - A vulnerability was discovered in how p2p/p2p_pd.c in wpa_supplicant before 2.10 processes P2P (Wi-Fi Direct) provision discovery requests. It could result in denial of service or other impact (potentially execution of arbitrary code), for an attacker within radio range. (CVE-2021-27803)

 - In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. (CVE-2021-30004)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade the affected wpa_supplicant package.

Plugin Details

Severity: High

ID: 156338

File Name: Slackware_SSA_2021-362-01.nasl

Version: 1.5

Type: local

Published: 12/29/2021

Updated: 11/21/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.8

CVSS v2

Risk Factor: High

Base Score: 7.9

Temporal Score: 6.2

Vector: CVSS2#AV:A/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2021-0326

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-27803

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:wpa_supplicant, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:14.0, cpe:/o:slackware:slackware_linux:14.1, cpe:/o:slackware:slackware_linux:14.2

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 9/12/2019

Reference Information

CVE: CVE-2019-16275, CVE-2020-12695, CVE-2021-0326, CVE-2021-0535, CVE-2021-27803, CVE-2021-30004