Lumension® Endpoint Intelligence Center

Intelligence Center » News Archive » Improper parsing of SSID info exposes Wi-Fi client's memory contents

Improper parsing of SSID info exposes Wi-Fi client's memory contents

2015/04/23

Softpedia - (International) Security researchers at Alibaba and Google discovered a vulnerability in the cross-platform "wpa_supplicant" Wi-Fi software that affects versions 1.0 - 2.4 with the Config_P2P option turned on and could allow an attacker to create a service set identifier (SSID) buffer overflow condition, potentially exposing sensitive information in the memory of the device and allowing for arbitrary code execution.

Source: http://news.softpedia.com/news/Improper-Parsing-of-Wi-Fi-SSID-Info-Exposes-Memory-Contents-479155.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:24:11