PT-2016-5969 · Hostap+4 · Hostapd+4
Imre Rad · Published 2016-05-09 · Updated 2024-06-15 · CVE-2016-4476
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
hostapd versions 0.6.7 through 2.5
wpa_supplicant versions 0.6.7 through 2.5
Description
The issue allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation, due to the failure to reject \n and \r characters in passphrase parameters.
Recommendations
For hostapd versions 0.6.7 through 2.5, consider disabling WPS operations until a patch is available.
For wpa_supplicant versions 0.6.7 through 2.5, restrict the use of passphrase parameters to minimize the risk of exploitation.
Fix
DoS
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Suse
Ubuntu
Hostapd
Wpa Supplicant