CVE-2019-16275
Published 2019-09-12
Priority: P4 · 27 · medium · 6.5 (CVSS 3.1)
CVSS vector: AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.21% (64.7th percentile)
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | wpa | < wpa 2:2.9-2 (bookworm) | wpa 2:2.9-2 (bookworm) |
| msrc | cbl2_wpa_supplicant_2.9-4_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_wpa_supplicant_2.9-2_on_cbl_mariner_1.0 | — | — |
| w1.fi | hostapd | <= 2.9 | — |
| w1.fi | wpa_supplicant | <= 2.9 | — |
| w1.fi | wpa_supplicant | >= 0 < 2:2.9-2 | 2:2.9-2 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.9-2 | 2:2.9-2 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.9-2 | 2:2.9-2 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.9-2 | 2:2.9-2 |
| w1.fi | wpa_supplicant | >= 0 < 2.4-0ubuntu6.6 | 2.4-0ubuntu6.6 |
| w1.fi | wpa_supplicant | >= 0 < 2:2.6-15ubuntu2.5 | 2:2.6-15ubuntu2.5 |
| w1.fi | wpa_supplicant | >= 0 < 2.1-0ubuntu1.7+esm2 | 2.1-0ubuntu1.7+esm2 |
CVSS provenance
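| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 3.3 | LOW | AV:A/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 6.5 | MEDIUM | — |
| vendor_debian | — | 6.5 | MEDIUM | — |
| vendor_msrc | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |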
Ubuntu
wpa_supplicant and hostapd vulnerability
vendor_ubuntu·2019-09-18
Summary: wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame.
It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.
Instructions: After a standard system update you need to reboot your computer to make all the necessary changes.
Ubuntu
wpa_supplicant and hostapd vulnerability
vendor_ubuntu·2019-09-18
Summary: wpa_supplicant could be made to be disconnected and require reconnection to the network if it received a specially crafted management frame.
USN-4136-1 fixed a vulnerability in wpa_supplicant. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
It was discovered that wpa_supplicant incorrectly handled certain management frames. An attacker could possibly use this issue to cause a denial of service.
Instructions: After a standard system update you need to reboot your computer to make all the necessary changes.
Red Hat
wpa_supplicant: AP mode PMF disconnection protection bypass
vendor_redhat·2019-09-11·CVSS 6.5
CVE-2019-16275 [MEDIUM] CWE-20 wpa_supplicant: AP mode PMF disconnection protection bypass
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
A vulnerability was discovered in wpa_supplicant. When Access Point (AP) mode and Protected Management Frames (PMF) (IEEE 802.11w) are enabled, wpa_supplicant does not perform enough validation on the source address of some received management frames. An attacker within the 802.11 communications range could use this flaw to inject an unauthenticated frame
Microsoft
vendor_msrc·2019-09-10·CVSS 6.5
CVE-2019-16275 [MEDIUM] CWE-346
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency
Debian
CVE-2019-16275: wpa - hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication...
vendor_debian·2019·CVSS 6.5
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
Scope: local
bookworm: resolved (fixed in 2:2.9-2)
bullseye: resolved (fixed in 2:2.9-2)
forky: resolved (fixed in 2:2.9-2)
sid: resolved (fixed in 2:2.9-2)
trixie: resolved (fixed in 2:2.9-2)
GHSA
GHSA-96gq-6rhf-g9x2: hostapd before 2
ghsa_unreviewed·2022-05-24
CVE-2019-16275 [MEDIUM] CWE-346
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
OSV
CVE-2019-16275: hostapd before 2
osv·2019-09-13·CVSS 6.5
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. An attacker in radio range of the access point could inject a specially constructed unauthenticated IEEE 802.11 frame to the access point to cause associated stations to be disconnected and require a reconnection to the network.
OSV
CVE-2019-16275: hostapd before 2
osv·2019-09-12·CVSS 6.5
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-16275 hostapd: wpa_supplicant: AP mode PMF disconnection protection bypass [epel-all]
bugzilla·2019-10-30·CVSS 6.5
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple sup
Bugzilla
CVE-2019-16275 wpa_supplicant: AP mode PMF disconnection protection bypass [fedora-all]
bugzilla·2019-10-30·CVSS 6.5
Bugzilla
CVE-2019-16275 hostapd: wpa_supplicant: AP mode PMF disconnection protection bypass [fedora-all]
bugzilla·2019-10-30·CVSS 6.5
Bugzilla
CVE-2019-16275 wpa_supplicant: AP mode PMF disconnection protection bypass
bugzilla·2019-10-30·CVSS 6.5
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.
Reference:
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
Discussion:
Created hostapd tracking bugs for this issue:
Affects: epel-all [bug 1767028]
Affects: fedora-all [bug 1767027]
Created wpa_supplicant tracking bugs for this issue:
Affects: fedora-all [bug 1767026]
---
Upstream patch:
https://w1.fi/
arXiv
One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware
arxiv_fulltext·2022-12-29
## Abstract
Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l
References
http://www.openwall.com/lists/oss-security/2019/09/12/6
https://lists.debian.org/debian-lts-announce/2019/09/msg00017.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36G4XAZ644DMHBLKOL4FDSPZVIGNQY6U/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B7NCLOPTZNRRNYODH22BFIDH6YIQWLJD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FEGITWRTIWABW54ANEPCEF4ARZLXGSK5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HY6STGJIIROVNIU6VMB2WTN2Q5M65WF4/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBJXUKV6XMSELWNXPS37CSUIH5EUHFXQ/
https://seclists.org/bugtraq/2019/Sep/56
https://usn.ubuntu.com/4136-1/
https://usn.ubuntu.com/4136-2/
https://w1.fi/security/2019-7/
https://w1.fi/security/2019-7/ap-mode-pmf-disconnection-protection-bypass.txt
https://www.debian.org/security/2019/dsa-4538
https://www.openwall.com/lists/oss-security/2019/09/11/7