Bugzilla – Bug 900611
VUL-0: CVE-2014-3686 wpa_supplicant and hostapd: wpa_cli and hostapd_cli remote command execution issue
Last modified: 2016-07-20 22:18:23 UTC
CVE-2014-3686: a specially crafted string supplied from a remote device could be supplied to a system() call in wpa_cli or hostapd_cli when running an action script (with the "-a" option), resulting in arbitrary command execution. This issue could also be triggered by an attacker within radio range.

Patches are available from the following: http://w1.fi/security/2014-1/

References:
http://w1.fi/security/2014-1/
http://www.openwall.com/lists/oss-security/2014/10/09/28
https://bugzilla.redhat.com/show_bug.cgi?id=1151259
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3686
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3686.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3686
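Added example (not wpa_supplicant's or hostapd's own code) of the safe pattern for the action-script launch described above: the event data from the network is handed to the script as a separate argv element via fork()/execv(), so no shell ever parses it, instead of being interpolated into a command string for system(). The script path, interface name and event string are constructed sample values.

```c
/* Run "script ifname event arg" without /bin/sh and capture the script's
 * stdout into out (NUL-terminated). Returns the child's exit status, or -1
 * on error. Because the untrusted arg is one argv element, shell
 * metacharacters in it are passed through literally, never interpreted. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

int run_action_script(const char *script, const char *ifname,
                      const char *event, const char *arg,
                      char *out, size_t outlen)
{
    int fd[2];
    if (pipe(fd) < 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* child: route stdout into the pipe, then exec the script directly */
        close(fd[0]);
        dup2(fd[1], STDOUT_FILENO);
        close(fd[1]);
        char *const argv[] = { (char *)script, (char *)ifname,
                               (char *)event, (char *)arg, NULL };
        execv(script, argv);
        _exit(127); /* exec failed; no shell is involved at any point */
    }
    close(fd[1]);
    size_t n = 0;
    ssize_t r;
    while (n + 1 < outlen && (r = read(fd[0], out + n, outlen - n - 1)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* constructed sample: /bin/echo stands in for the action script; the
     * "$HOME" in the argument comes back unexpanded because no shell ran */
    char buf[128];
    int rc = run_action_script("/bin/echo", "wlan0", "CONNECTED", "$HOME",
                               buf, sizeof buf);
    printf("rc=%d output=%s", rc, buf);
    return rc == 0 ? 0 : 1;
}
```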
bugbot adjusting priority
from the announcement:

wpa_supplicant v2.2 with CONFIG_HS20 build option enabled
we don't have this enabled, which means: Factory, SLE12, 13.2 are not affected

wpa_supplicant v0.7.2-v2.2 with CONFIG_WPS build option enabled and operating as WPS Registrar
so 13.1 is potentially affected, just as 12.3

the announcement does not mention versions before 0.7.2 affected, so sle11-sp2 and sle11-sp1 and sle10 should be out of the game (versions 0.7.1, 0.6.9 and 0.4.8 respectively). Looking at the code in the older version however this looks like the patch would be needed, so we should probably do it there.
(sle11-sp2 and later)
# osc sr SUSE:SLE-11-SP2:Update:Test
created request id 45376

(sle11-sp1 and teradata)
# osc sr SUSE:SLE-11-SP1:Update:Test
created request id 45377

(sle10-sp3 and teradata)
# osc sr SUSE:SLE-10-SP3:Update:Test
created request id 45380

(openSUSE 13.1)
# osc sr
WARNING:
WARNING: Project does not accept submit request, request to open a NEW maintenance incident instead
WARNING:
created request id
Request: #255857

(openSUSE 12.3)
WARNING:
WARNING: Project does not accept submit request, request to open a NEW maintenance incident instead
WARNING:
created request id
Request: #255858
This is an autogenerated message for OBS integration:
This bug (900611) was mentioned in
https://build.opensuse.org/request/show/255857 13.1 / wpa_supplicant
https://build.opensuse.org/request/show/255858 12.3 / wpa_supplicant
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-10-21. When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/59364
openSUSE-SU-2014:1313-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 900611
CVE References: CVE-2014-3686
Sources used:
openSUSE 12.3 (src): wpa_supplicant-1.1-2.4.1
openSUSE-SU-2014:1314-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 900611
CVE References: CVE-2014-3686
Sources used:
openSUSE 13.1 (src): wpa_supplicant-2.0-3.8.1
SUSE-SU-2014:1356-1: An update that solves one vulnerability and has one errata is now available.

Category: security (important)
Bug References: 868937,900611
CVE References: CVE-2014-3686
Sources used:
SUSE Linux Enterprise Server 11 SP3 for VMware (src): wpa_supplicant-0.7.1-6.15.1
SUSE Linux Enterprise Server 11 SP3 (src): wpa_supplicant-0.7.1-6.15.1
SUSE Linux Enterprise Desktop 11 SP3 (src): wpa_supplicant-0.7.1-6.15.1
reassigning
released everything
SUSE-SU-2015:1013-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 900611,915323,927558
CVE References: CVE-2014-3686,CVE-2015-0210,CVE-2015-1863
Sources used:
SUSE Linux Enterprise Server 12 (src): wpa_supplicant-2.2-8.1
SUSE Linux Enterprise Desktop 12 (src): wpa_supplicant-2.2-8.1