ALT Linux Team

Package hostapd update in sisyphus on 2016-12-23

ALT-PU-2016-2481-1

Package hostapd updated to version 2.6-alt1 for branch sisyphus in task 175389.

Closed vulnerabilities

Published: 2021-03-15
Modified: 2023-11-21

BDU:2021-01305

Уязвимость функции rand() and random() программной сертификации устройств беспроводной сети WPA, связанная с недостатком в энтропии в выборе PIN, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (5.3) Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
References:
Published: 2019-03-23
Modified: 2024-11-21

CVE-2016-10743

hostapd before 2.6 does not prevent use of the low-quality PRNG that is reached by an os_random() function call.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
References:
Published: 2016-05-09
Modified: 2025-04-12

CVE-2016-4476

hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not reject \n and \r characters in passphrase parameters, which allows remote attackers to cause a denial of service (daemon outage) via a crafted WPS operation.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
Published: 2020-02-28
Modified: 2024-11-21

CVE-2019-10064

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values. This was fixed in conjunction with CVE-2016-10743.

Severity: MEDIUM (5.0) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
References:
VKontakte | Telegram | YouTube | Forum | GitHub | Bugzilla
Version: 2.1.2
Back to top