wpa_supplicant P2P SSID Management Vulnerability (CVE-2015-1863)
Release date:
Updated on:
Affected Systems:
Android Android 5.x
Android Android 4.x
Android wpa_supplicant 1.0-2.4
Description:
CVE (CAN) ID: CVE-2015-1863
wpa_supplicant is the Wi-Fi component of Android that handles authentication for wireless connections.
wpa_supplicant v1.0 through v2.4 contains a buffer overflow in the code that uses SSID information parsed from management frames. An attacker can send specially crafted management frames to an affected system to trigger the creation or update of P2P peer device information, resulting in heap corruption, denial of service (DoS), memory leakage, and arbitrary code execution. The vulnerability can be exploited only if wpa_supplicant was built with the CONFIG_P2P option enabled.
<* Source: Alibaba security team
Link: http://seclists.org/oss-sec/2015/q2/242
*>
Suggestion:
Temporary solution:
If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:
* Update to wpa_supplicant v2.5 or later
* Disable P2P (control interface command "P2P_SET disabled 1", or "p2p_disabled=1" in the wpa_supplicant configuration file)
* Disable P2P at build time (remove CONFIG_P2P=y from the build configuration)
* Merge the following commit into wpa_supplicant and rebuild:
P2P: Verify the SSID element length before copying
Patch acquisition location: http://w1.fi/security/2015-1/
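The kind of length check that commit title describes, as an added illustration (this is not the wpa_supplicant patch or code from the advisory). The names peer_info, peer_set_ssid and check_len are hypothetical; the example assumes the standard 802.11 element layout (ID, length, payload) and the 32-octet SSID limit.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WLAN_EID_SSID 0   /* 802.11 SSID element ID */
#define SSID_MAX_LEN  32  /* 802.11 limits an SSID to 32 octets */

/* Hypothetical peer record with a fixed-size SSID buffer. */
struct peer_info {
    uint8_t ssid[SSID_MAX_LEN];
    size_t  ssid_len;
};

/* Copy the SSID out of an element (id, len, payload) into peer.
 * Returns 0 on success, -1 if the element is malformed or over-length;
 * peer is left untouched on failure. */
int peer_set_ssid(struct peer_info *peer, const uint8_t *ie, size_t ie_len)
{
    if (peer == NULL || ie == NULL || ie_len < 2)
        return -1;              /* no room for the id + len header */
    if (ie[0] != WLAN_EID_SSID)
        return -1;
    size_t len = ie[1];         /* sender-controlled, 0..255 */
    if (len > ie_len - 2)
        return -1;              /* claims more bytes than were received */
    if (len > SSID_MAX_LEN)
        return -1;              /* would overflow peer->ssid */
    memcpy(peer->ssid, ie + 2, len);
    peer->ssid_len = len;
    return 0;
}

/* Constructed input: an SSID element whose length byte is `claimed`. */
int check_len(size_t claimed)
{
    uint8_t frame[2 + 255];
    struct peer_info peer = { {0}, 0 };
    memset(frame, 'A', sizeof(frame));
    frame[0] = WLAN_EID_SSID;
    frame[1] = (uint8_t)claimed;
    return peer_set_ssid(&peer, frame, sizeof(frame));
}

int main(void)
{
    printf("len 32 -> %d, len 33 -> %d, len 255 -> %d\n",
           check_len(32), check_len(33), check_len(255));
    return 0;
}
```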
Vendor patch:
Android
-------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.openhandsetalliance.com/android_overview.html