FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
2da3cb25-6571-11e9-8e67-206a8a720317FreeBSD -- EAP-pwd missing commit validation

Problem Description:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not to validate the received scalar and element values in EAP-pwd-Commit messages properly. This could result in attacks that would be able to complete EAP-pwd authentication exchange without the attacker having to know the used password.

See https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support.


Discovery 2019-04-10
Entry 2019-04-23
Modified 2019-07-30
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

CVE-2019-9497
CVE-2019-9498
CVE-2019-9499
SA-19:03.wpa
7e53f9cc-656d-11e9-8e67-206a8a720317FreeBSD -- SAE side-channel attacks

Problem Description:

Side channel attacks in the SAE implementations used by both hostapd (AP) and wpa_supplicant (infrastructure BSS station/mesh station). SAE (Simultaneous Authentication of Equals) is also known as WPA3-Personal. The discovered side channel attacks may be able to leak information about the used password based on observable timing differences and cache access patterns. This might result in full password recovery when combined with an offline dictionary attack and if the password is not strong enough to protect against dictionary attacks.

See https://w1.fi/security/2019-1/sae-side-channel-attacks.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y in the build configuration and SAE being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

CVE-2019-9494
60129efe-656d-11e9-8e67-206a8a720317FreeBSD -- EAP-pwd side-channel attack

Problem Description:

Potential side channel attacks in the SAE implementations used by both hostapd and wpa_supplicant (see CVE-2019-9494 and VU#871675). EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is no reason to believe that the EAP-pwd implementation would be immune against the type of cache attack that was identified for the SAE implementation. Since the EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not support MODP groups, the timing attack described against SAE is not applicable for the EAP-pwd implementation.

See https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

CVE-2019-9495
98b71436-656d-11e9-8e67-206a8a720317FreeBSD -- SAE confirm missing state validation

Problem Description:

When hostapd is used to operate an access point with SAE (Simultaneous Authentication of Equals; also known as WPA3-Personal), an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm message. This was caused by missing state validation steps when processing the SAE confirm message in hostapd/AP mode.

See https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt for a detailed description of the bug.

Impact:

All hostapd versions with SAE support (CONFIG_SAE=y in the build configuration and SAE being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

CVE-2019-9496
a207bbd8-6572-11e9-8e67-206a8a720317FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment

Problem Description:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not to validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to NULL pointer dereference.

See https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support could suffer a denial of service attack through process termination.


Discovery 2019-04-18
Entry 2019-04-23
FreeBSD
ge 12.0 lt 12.0_3

ge 11.2 lt 11.2_9

wpa_supplicant
< 2.8

hostapd
< 2.8

https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt