Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2019-16275

hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range.

Related bugs and status

CVE-2019-16275 (Candidate) is related to these bugs:

Bug #1899262: Broken dbus GetAll message to wpa supplicant interface properties

Summary				In	Importance	Status
	1899262	Broken dbus GetAll message to wpa supplicant interface properties		wpa (Ubuntu)	High	Fix Released
	1899262	Broken dbus GetAll message to wpa supplicant interface properties		wpa (Ubuntu Bionic)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://w1.fi/security...
MISC: https://w1.fi/security...
MISC: https://www.openwall.c...
MLIST: [oss-security] 2019091...
MLIST: [debian-lts-announce] ...
UBUNTU: USN-4136-1
UBUNTU: USN-4136-2
BUGTRAQ: 20190929 [SECURITY] [D...
DEBIAN: DSA-4538
FEDORA: FEDORA-2019-0e0b28001d
FEDORA: FEDORA-2019-2265b5ae86
FEDORA: FEDORA-2019-740834c559
FEDORA: FEDORA-2019-65509aac53
FEDORA: FEDORA-2019-2bdcccee3c