wpa_supplicant, hostapd: wpa_cli and hostapd_cli action script execution vulnerability (CVE-2014-3686)
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allow remote attackers to execute arbitrary commands via a crafted frame.
References:
http://seclists.org/oss-sec/2014/q4/267
•MLIST:[oss-security] 20141009 wpa_cli and hostapd_cli action script execution vulnerability
•URL: http://www.openwall.com/lists/oss-security/2014/10/09/28
•CONFIRM: http://w1.fi/security/2014-1/
•CONFIRM: https://bugzilla.redhat.com/show_bug.cgi?id=1151259
•DEBIAN:DSA-3052
•URL: http://www.debian.org/security/2014/dsa-3052
•SUSE:openSUSE-SU-2014:1313
•URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00027.html
•SUSE:openSUSE-SU-2014:1314
•URL: http://lists.opensuse.org/opensuse-updates/2014-10/msg00028.html
•UBUNTU:USN-2383-1
•URL: http://www.ubuntu.com/usn/USN-2383-1
•BID:70396
•URL: http://www.securityfocus.com/bid/70396
•SECUNIA:60366
•URL: http://secunia.com/advisories/60366
•SECUNIA:60428
•URL: http://secunia.com/advisories/60428
•SECUNIA:61271
•URL: http://secunia.com/advisories/61271
(from redmine: issue id 3518, created on 2014-11-12, closed on 2015-06-16)
- Relations:
  - child #3519 (closed)
  - child #3520 (closed)
  - child #3521 (closed)
  - child #3522 (closed)