Wpa_supplicant P2P SSID Management Vulnerability (CVE-2015-1863)

Wpa_supplicant P2P SSID Management Vulnerability (CVE-2015-1863)
Wpa_supplicant P2P SSID Management Vulnerability (CVE-2015-1863)

Release date:
Updated on:

Affected Systems:

Android Android 5.x
Android Android 4.x
Android wpa_supplicant 1.0-2.4

Description:

CVE (CAN) ID: CVE-2015-1863

Wpa_supplicant is a Wi-Fi function component of Android and supports wireless connection authentication.

When wpa_supplicant v1.0-v2.4 uses the SSID information after management frame resolution, a buffer overflow vulnerability exists in implementation. Attackers send specially crafted management frames to the affected system to trigger the creation or update of P2P peer-to-peer device information, resulting in heap corruption, DOS, memory leakage, and arbitrary code execution. To exploit this vulnerability, you must enable the CONFIG_P2P build option.

<* Source: Alibaba security team

Link: http://seclists.org/oss-sec/2015/q2/242? Spm = 0.0.0.0.anLUMO
*>

Suggestion:

Temporary solution:

If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:

* Update wpa_supplicant v2.5 or later
* Disable P2P (in the wpa_supplicant configuration file, control the interface command "P2P_SET disabled 1" or "p2p_disabled = 1 ")
* Disable P2P from build (delete CONFIG_P2P = y)
* Merge the following submissions to wpa_supplicant and recreate them:
P2p: Verify the SSID element length before copying
Patch acquisition location: http://w1.fi/security/2015-1/

Vendor patch:

Android
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://www.openhandsetalliance.com/android_overview.html

This article permanently updates the link address: