Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia 9: MGASA-2024-0322 critical: hostapd & wpa_supplicant network issue

mageia
Calendar Grey October 4, 2024
Dist Mageia Esm H88
Mageia 2024-0322 revisions for hostapd & wpa_supplicant rectify urgent network vulnerability. Click here for further details.
The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop

Summary

The IEEE 802.11 standard sometimes enables an adversary to trick a victim into connecting to an unintended or untrusted network with Home WEP, Home WPA3 SAE-loop. Enterprise 802.1X/EAP, Mesh AMPE, or FILS, aka an "SSID Confusion" issue. This occurs because the SSID is not always used to derive the pairwise master key or session keys, and because there is not a protected exchange of an SSID during a 4-way handshake.

References

- https://bugs.mageia.org/show_bug.cgi?id=33523

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PKEEFWTY6U7SRJ2BKUDQNTDL6FYIP5X/

- https://www.cve.org/CVERecord?id=CVE-2023-52424

Topics%20covered

Topics Covered

security advisory security update network attack wpa_supplicant hostapd Mageia SSID confusion

Resolution

SRPMS

- 9/core/hostapd-2.11-1.mga9

- 9/core/wpa_supplicant-2.11-1.mga9

Severity
critical
Lowest
Low
Medium
High
Critical

Publication date: 04 Oct 2024
URL: https://advisories.mageia.org/MGASA-2024-0322.html
Type: security
CVE: CVE-2023-52424

Topics%20covered

Topics Covered

security advisory security update network attack wpa_supplicant hostapd Mageia SSID confusion

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here