#VU40718 Buffer overflow in SUSE products - CVE-2015-4143

Cybersecurity Help s.r.o.

Published: 2015-06-15 | Updated: 2020-08-09

Vulnerability identifier: #VU40718

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2015-4143

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
wpa_supplicant
Server applications / Encryption software
hostapd
Server applications / Remote access servers, VPN
Opensuse
Operating systems & Components / Operating system

Vendor: Jouni Malinen
SUSE

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The EAP-pwd server and peer implementation in hostapd and wpa_supplicant 1.0 through 2.4 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted (1) Commit or (2) Confirm message payload.

Mitigation
Install update from vendor's website.

Vulnerable software versions

wpa_supplicant: 1.0 - 2.4

hostapd: 1.0 - 2.4

Opensuse: 1.0 - 13.2

External links
https://lists.opensuse.org/opensuse-updates/2015-06/msg00019.html
https://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
https://www.debian.org/security/2015/dsa-3397
https://www.openwall.com/lists/oss-security/2015/05/09/6
https://www.openwall.com/lists/oss-security/2015/05/31/6
https://www.ubuntu.com/usn/USN-2650-1
https://security.gentoo.org/glsa/201606-17

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for hostapd

Gentoo update for hostapd and wpa_supplicant

Multiple vulnerabilities in wpa_supplicant