1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200502-22 / wpa_supplicant |
| Release Date | February 16, 2005 |
| Latest Revision | May 22, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| net-wireless/wpa_supplicant | < 0.2.7 | >= 0.2.7 | All supported architectures |
Related bugreports: #81993
wpa_supplicant contains a buffer overflow that could lead to a Denial of Service.
wpa_supplicant is a WPA Supplicant with support for WPA and WPA2 (IEEE 802.11i / RSN).
wpa_supplicant contains a possible buffer overflow due to the lacking validation of received EAPOL-Key frames.
An attacker could cause the crash of wpa_supplicant using a specially crafted packet.
There is no known workaround at this time.
All wpa_supplicant users should upgrade to the latest version:
Code Listing 3.1: Resolution |
# emerge --sync # emerge --ask --oneshot --verbose ">=net-wireless/wpa_supplicant-0.2.7" |