Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Ubuntu 24.04 LTS: USN-6945-1 Critical: wpa_supplicant Privilege Escalation

ubuntu
Calendar Grey August 6, 2024
Dist Ubuntu Esm H88
Ubuntu Security Notice USN-6946-1 alerts users about a flaw in the networking service that may allow attackers to gain unauthorized access through specially designed scripts.
wpa_supplicant could be made to run programs as an administrator with specially crafted configuration file.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: wpa_supplicant could be made to run programs as an administrator with specially crafted configuration file. Software Description: - wpa: client support for WPA and WPA2 Details: Rory McNamara discovered that wpa_supplicant could be made to load arbitrary shared objects by unprivileged users that have access to the control interface. An attacker could use this to escalate privileges to root.

Topics%20covered

Topics Covered

security advisory critical privilege escalation Ubuntu wpa_supplicant

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS wpasupplicant 2:2.10-21ubuntu0.1 Ubuntu 22.04 LTS wpasupplicant 2:2.10-6ubuntu2.1 Ubuntu 20.04 LTS wpasupplicant 2:2.9-1ubuntu4.4 Ubuntu 18.04 LTS wpasupplicant 2:2.6-15ubuntu2.8+esm1 Ubuntu 16.04 LTS wpasupplicant 2.4-0ubuntu6.8+esm1 Ubuntu 14.04 LTS wpasupplicant 2.1-0ubuntu1.7+esm5 In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6945-1

CVE-2024-5290,https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/2067613

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6945-1

Topics%20covered

Topics Covered

security advisory critical privilege escalation Ubuntu wpa_supplicant

Package Information

https://launchpad.net/ubuntu/+source/wpa/2:2.10-21ubuntu0.1 https://launchpad.net/ubuntu/+source/wpa/2:2.10-6ubuntu2.1 https://launchpad.net/ubuntu/+source/wpa/2:2.9-1ubuntu4.4 https://launchpad.net/ubuntu/+source/wpa/2:2.6-15ubuntu2.8+esm1 https://launchpad.net/ubuntu/+source/wpa/2.4-0ubuntu6.8+esm1 https://launchpad.net/ubuntu/+source/wpa/2.1-0ubuntu1.7+esm5

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here