FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

hostapd and wpa_supplicant -- multiple vulnerabilities

Affected packages
hostapd < 2.4_1
wpa_supplicant < 2.4_3

Details

VuXML ID bbc0db92-084c-11e5-bb90-002590263bf5
Discovery 2015-05-04
Entry 2015-06-01

Jouni Malinen reports:

WPS UPnP vulnerability with HTTP chunked transfer encoding. (2015-2 - CVE-2015-4141)

Integer underflow in AP mode WMM Action frame processing. (2015-3 - CVE-2015-4142)

EAP-pwd missing payload length validation. (2015-4 - CVE-2015-4143, CVE-2015-4144, CVE-2015-4145, CVE-2015-4146)

References

CVE Name CVE-2015-4141
CVE Name CVE-2015-4142
CVE Name CVE-2015-4143
CVE Name CVE-2015-4144
CVE Name CVE-2015-4145
CVE Name CVE-2015-4146
Message http://openwall.com/lists/oss-security/2015/05/31/6
URL http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
URL http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
URL http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt