CVE-2015-5316
Published: 2018-02-21
Priority P427, medium, 5.9 (CVSS 3.0)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.25% (86.8th percentile)
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | wpa | < wpa 2.3-2.3 (bookworm) | wpa 2.3-2.3 (bookworm) |
| w1.fi | wpa_supplicant | >= 0 < 2.3-2.3 | 2.3-2.3 |
| w1.fi | wpa_supplicant | >= 0 < 2.3-2.3 | 2.3-2.3 |
| w1.fi | wpa_supplicant | >= 0 < 2.3-2.3 | 2.3-2.3 |
| w1.fi | wpa_supplicant | >= 0 < 2.3-2.3 | 2.3-2.3 |
| w1.fi | wpa_supplicant | >= 2.0 < 2.6 | 2.6 |
CVSS provenance
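| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 5.9 | MEDIUM | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | — | 5.9 | MEDIUM | — |
| vendor_debian | — | 5.9 | MEDIUM | — |
| vendor_redhat | — | 5.9 | MEDIUM | — |
| vendor_ubuntu | — | 4.3 | MEDIUM | — |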
GHSA
GHSA-6mw8-f5p4-3j6f: The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd
ghsa_unreviewed·2022-05-14
CVE-2015-5316 [MEDIUM] CWE-476 GHSA-6mw8-f5p4-3j6f: The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
OSV
CVE-2015-5316: The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd
osv·2018-02-21·CVSS 5.9
CVE-2015-5316 [MEDIUM] CVE-2015-5316: The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
OSV
wpa vulnerabilities
osv·2015-11-10·CVSS 4.3
CVE-2015-5310 [MEDIUM] wpa vulnerabilities
It was discovered that wpa_supplicant incorrectly handled WMM Sleep Mode Response frame processing. A remote attacker could use this issue to perform broadcast/multicast packet injections, or cause a denial of service. (CVE-2015-5310)
It was discovered that wpa_supplicant and hostapd incorrectly handled certain EAP-pwd messages. A remote attacker could use this issue to cause a denial of service. (CVE-2015-5314, CVE-2015-5315)
It was discovered that wpa_supplicant incorrectly handled certain EAP-pwd Confirm messages. A remote attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-5316)
Red Hat
wpa_supplicant: EAP-pwd peer error path failure on unexpected Confirm message
vendor_redhat·2015-11-10·CVSS 5.9
CVE-2015-5316 [MEDIUM] wpa_supplicant: EAP-pwd peer error path failure on unexpected Confirm message
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
Statement: Not vulnerable. This issue did not affect the versions of wpa_supplicant as shipped with Red Hat Enterprise Linux 5, 6, and 7.
Package: wpa_supplicant (Red Hat Enterprise Linux 5) - Not affected
Package: wpa_supplicant (Red Hat Enterprise Linux 6) - Not affected
Package: wpa_supplicant (Red Hat Enterprise Linux 7) - Not affected
Ubuntu
wpa_supplicant and hostapd vulnerabilities
vendor_ubuntu·2015-11-10·CVSS 4.3
CVE-2015-5310 [MEDIUM] wpa_supplicant and hostapd vulnerabilities
Title: wpa_supplicant and hostapd vulnerabilities
Summary: Several security issues were fixed in wpa_supplicant and hostapd.
It was discovered that wpa_supplicant incorrectly handled WMM Sleep Mode Response frame processing. A remote attacker could use this issue to perform broadcast/multicast packet injections, or cause a denial of service. (CVE-2015-5310)
It was discovered that wpa_supplicant and hostapd incorrectly handled certain EAP-pwd messages. A remote attacker could use this issue to cause a denial of service. (CVE-2015-5314, CVE-2015-5315)
It was discovered that wpa_supplicant incorrectly handled certain EAP-pwd Confirm messages. A remote attacker could use this issue to cause a denial of service. This issue only applied to Ubuntu 15.10. (CVE-2015-5316)
Instructions: After a
Debian
CVE-2015-5316: wpa - The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_suppl...
vendor_debian·2015·CVSS 5.9
CVE-2015-5316 [MEDIUM] CVE-2015-5316: wpa - The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_suppl...
The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in wpa_supplicant 2.x before 2.6, when EAP-pwd is enabled in a network configuration profile, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an EAP-pwd Confirm message followed by the Identity exchange.
Scope: local
bookworm: resolved (fixed in 2.3-2.3)
bullseye: resolved (fixed in 2.3-2.3)
forky: resolved (fixed in 2.3-2.3)
sid: resolved (fixed in 2.3-2.3)
trixie: resolved (fixed in 2.3-2.3)
No detection rules found.
No public exploits indexed.
http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt
http://www.openwall.com/lists/oss-security/2015/11/10/11
http://www.securityfocus.com/bid/77538
http://www.ubuntu.com/usn/USN-2808-1
https://www.debian.org/security/2015/dsa-3397