wpa_supplicant contains a buffer overflow that could lead to a Denial of Service.
Package | net-wireless/wpa_supplicant on all architectures |
---|---|
Affected versions | < 0.2.7 |
Unaffected versions | >= 0.2.7 |
wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN).
wpa_supplicant contains a possible buffer overflow due to the lacking validation of received EAPOL-Key frames.
An attacker could cause the crash of wpa_supplicant using a specially crafted packet.
There is no known workaround at this time.
All wpa_supplicant users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-0.2.7"
Release date
February 16, 2005
Latest revision
May 22, 2006: 02
Severity
normal
Exploitable
remote
Bugzilla entries