A vulnerability was found in the mechanism wpa_cli and hostapd_cli use for executing action scripts. An unsanitized string received from a remote device can be passed to a system() call, resulting in arbitrary command execution under the privileges of the wpa_cli/hostapd_cli process, which may be root in common use cases (CVE-2014-3686).
Systems using the Mageia wpa_supplicant package are exposed to the vulnerability if operating as a WPS registrar.
The Mageia hostapd package was not vulnerable in the configuration it was built with, but if a sysadmin had rebuilt it with WPS enabled, it would be vulnerable.