FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
2da3cb25-6571-11e9-8e67-206a8a720317 | FreeBSD -- EAP-pwd missing commit validation

Problem Description:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not validate the received scalar and element values in EAP-pwd-Commit messages properly. This could result in attacks that would be able to complete EAP-pwd authentication exchange without the attacker having to know the used password.

See https://w1.fi/security/2019-4/eap-pwd-missing-commit-validation.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support.


Discovery 2019-04-10
Entry 2019-04-23
Modified 2019-07-30
FreeBSD: ge 12.0 lt 12.0_3; ge 11.2 lt 11.2_9
wpa_supplicant: < 2.8
hostapd: < 2.8

CVE-2019-9497
CVE-2019-9498
CVE-2019-9499
SA-19:03.wpa

98b71436-656d-11e9-8e67-206a8a720317 | FreeBSD -- SAE confirm missing state validation

Problem Description:

When hostapd is used to operate an access point with SAE (Simultaneous Authentication of Equals; also known as WPA3-Personal), an invalid authentication sequence could result in the hostapd process terminating due to a NULL pointer dereference when processing SAE confirm message. This was caused by missing state validation steps when processing the SAE confirm message in hostapd/AP mode.

See https://w1.fi/security/2019-3/sae-confirm-missing-state-validation.txt for a detailed description of the bug.

Impact:

All hostapd versions with SAE support (CONFIG_SAE=y in the build configuration and SAE being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD: ge 12.0 lt 12.0_3; ge 11.2 lt 11.2_9
wpa_supplicant: < 2.8
hostapd: < 2.8

CVE-2019-9496

967b852b-1e28-11e6-8dd3-002590263bf5 | hostapd and wpa_supplicant -- psk configuration parameter update allowing arbitrary data to be written

Jouni Malinen reports:

psk configuration parameter update allowing arbitrary data to be written (2016-1 - CVE-2016-4476/CVE-2016-4477).


Discovery 2016-05-02
Entry 2016-05-20
Modified 2017-03-22
wpa_supplicant: < 2.5_2
hostapd: < 2.6

CVE-2016-4476
CVE-2016-4477
ports/209564
http://w1.fi/security/2016-1/psk-parameter-config-update.txt

976567f6-05c5-11e6-94fa-002590263bf5 | hostapd and wpa_supplicant -- multiple vulnerabilities

Jouni Malinen reports:

wpa_supplicant unauthorized WNM Sleep Mode GTK control. (2015-6 - CVE-2015-5310)

EAP-pwd missing last fragment length validation. (2015-7 - CVE-2015-5315)

EAP-pwd peer error path failure on unexpected Confirm message. (2015-8 - CVE-2015-5316)


Discovery 2015-11-10
Entry 2016-04-19
Modified 2017-03-22
wpa_supplicant: < 2.5_1
hostapd: < 2.6

CVE-2015-5310
CVE-2015-5315
CVE-2015-5316
ports/208482
http://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
http://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
http://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt

60129efe-656d-11e9-8e67-206a8a720317 | FreeBSD -- EAP-pwd side-channel attack

Problem Description:

Potential side channel attacks in the SAE implementations used by both hostapd and wpa_supplicant (see CVE-2019-9494 and VU#871675). EAP-pwd uses a similar design for deriving PWE from the password and while a specific attack against EAP-pwd is not yet known to be tested, there is no reason to believe that the EAP-pwd implementation would be immune against the type of cache attack that was identified for the SAE implementation. Since the EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not support MODP groups, the timing attack described against SAE is not applicable for the EAP-pwd implementation.

See https://w1.fi/security/2019-2/eap-pwd-side-channel-attack.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support (CONFIG_EAP_PWD=y in the build configuration and EAP-pwd being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD: ge 12.0 lt 12.0_3; ge 11.2 lt 11.2_9
wpa_supplicant: < 2.8
hostapd: < 2.8

CVE-2019-9495

d670a953-b2a1-11e7-a633-009c02a2ab30 | WPA packet number reuse with replayed messages and key reinstallation

wpa_supplicant developers report:

A vulnerability was found in how a number of implementations can be triggered to reconfigure WPA/WPA2/RSN keys (TK, GTK, or IGTK) by replaying a specific frame that is used to manage the keys.


Discovery 2017-10-16
Entry 2017-10-16
wpa_supplicant: le 2.6_1
hostapd: le 2.6

http://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
https://www.kb.cert.org/vuls/id/228519
CVE-2017-13077
CVE-2017-13078
CVE-2017-13079
CVE-2017-13080
CVE-2017-13081
CVE-2017-13082
CVE-2017-13084
CVE-2017-13086
CVE-2017-13087
CVE-2017-13088

7e53f9cc-656d-11e9-8e67-206a8a720317 | FreeBSD -- SAE side-channel attacks

Problem Description:

Side channel attacks in the SAE implementations used by both hostapd (AP) and wpa_supplicant (infrastructure BSS station/mesh station). SAE (Simultaneous Authentication of Equals) is also known as WPA3-Personal. The discovered side channel attacks may be able to leak information about the used password based on observable timing differences and cache access patterns. This might result in full password recovery when combined with an offline dictionary attack and if the password is not strong enough to protect against dictionary attacks.

See https://w1.fi/security/2019-1/sae-side-channel-attacks.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with SAE support (CONFIG_SAE=y in the build configuration and SAE being enabled in the runtime configuration).


Discovery 2019-04-10
Entry 2019-04-23
FreeBSD: ge 12.0 lt 12.0_3; ge 11.2 lt 11.2_9
wpa_supplicant: < 2.8
hostapd: < 2.8

CVE-2019-9494

a207bbd8-6572-11e9-8e67-206a8a720317 | FreeBSD -- EAP-pwd message reassembly issue with unexpected fragment

Problem Description:

EAP-pwd implementation in hostapd (EAP server) and wpa_supplicant (EAP peer) does not validate fragmentation reassembly state properly for a case where an unexpected fragment could be received. This could result in process termination due to NULL pointer dereference.

See https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt for a detailed description of the bug.

Impact:

All wpa_supplicant and hostapd versions with EAP-pwd support could suffer a denial of service attack through process termination.


Discovery 2019-04-18
Entry 2019-04-23
FreeBSD: ge 12.0 lt 12.0_3; ge 11.2 lt 11.2_9
wpa_supplicant: < 2.8
hostapd: < 2.8

https://w1.fi/security/2019-5/eap-pwd-message-reassembly-issue-with-unexpected-fragment.txt