PT-2019-4181 · Linux+3 · Hostapd+4
Jouni Malinen · Published 2019-09-12 · Updated 2024-10-29 · CVE-2019-16275
CVSS v3.1: 6.5 (Medium)
| Vector | AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
hostapd versions prior to 2.10
wpa_supplicant versions prior to 2.10
Description
The issue is related to a denial of service caused by mishandled source address validation, which should have been prevented by management frame protection. An attacker within the 802.11 communications range can send a crafted 802.11 frame to cause associated stations to be disconnected, requiring a reconnection to the network. This can be achieved by injecting a specially constructed unauthenticated IEEE 802.11 frame to the access point.
Recommendations
For hostapd versions prior to 2.10, update to version 2.10 or later to resolve the issue.
For wpa_supplicant versions prior to 2.10, update to version 2.10 or later to resolve the issue.
As a temporary workaround, consider restricting access to the network to minimize the risk of exploitation.
Fix
DoS
Origin Validation Error
RCE
Related identifiers
Affected products
Alt Linux
Suse
Ubuntu
Hostapd
Wpa Supplicant