Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

Ubuntu: 2383-1 Critical wpa_supplicant Remote Command Execution

ubuntu
Calendar Grey October 14, 2014
Scroller Ubuntu
A significant notification regarding the wpa_supplicant vulnerability that permits remote command executions across several Ubuntu versions.
wpa_supplicant could be made to run programs if it received specially crafted network traffic.

Summary

wpa_supplicant could be made to run programs if it received specially

crafted network traffic.

Software Description:

- wpa: client support for WPA and WPA2

- wpasupplicant: client support for WPA and WPA2

Details:

Jouni Malinen discovered that the wpa_cli tool incorrectly sanitized

strings when being used with action scripts. A remote attacker could

possibly use this issue to execute arbitrary commands.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS:
  wpasupplicant                   2.1-0ubuntu1.1

Ubuntu 12.04 LTS:
  wpasupplicant                   0.7.3-6ubuntu2.3

Ubuntu 10.04 LTS:
  wpasupplicant                   0.6.9-3ubuntu3.2

After a standard system update you need to reboot your computer to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-2383-1

CVE-2014-3686

Severity
critical
Lowest
Low
Medium
High
Critical

October 14, 2014

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.