Vulnerability CVE-2019-9499: Information

Description

The implementations of EAP-PWD in wpa_supplicant EAP Peer, when built against a crypto library missing explicit validation on imported elements, do not validate the scalar and element values in EAP-pwd-Commit. An attacker may complete authentication, session key and control of the data connection with a client. Both hostapd with SAE support and wpa_supplicant with SAE support prior to and including version 2.4 are affected. Both hostapd with EAP-pwd support and wpa_supplicant with EAP-pwd support prior to and including version 2.7 are affected.

Severity: HIGH (8.1) Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2019-9499
Published: April 17, 2019
Modified: Nov. 7, 2023
Error type identifier: CWE-287

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
hostapdsisyphus2.9-alt12.10-alt2ALT-PU-2019-2497-1236307Fixed
hostapdp102.9-alt12.10-alt2ALT-PU-2019-2497-1236307Fixed
hostapdp92.9-alt22.9-alt2ALT-PU-2020-3139-1260257Fixed
hostapdc10f12.9-alt12.10-alt2ALT-PU-2019-2497-1236307Fixed
hostapdc9f22.10-alt22.10-alt2ALT-PU-2022-1980-1300918Fixed
hostapdp112.9-alt12.10-alt2ALT-PU-2019-2497-1236307Fixed
wpa_supplicantsisyphus2.9-alt12.10-alt2ALT-PU-2019-2498-1236307Fixed
wpa_supplicantp102.9-alt12.10-alt2ALT-PU-2019-2498-1236307Fixed
wpa_supplicantp92.9-alt12.9-alt4ALT-PU-2019-2554-1236684Fixed
wpa_supplicantc10f12.9-alt12.10-alt2ALT-PU-2019-2498-1236307Fixed
wpa_supplicantc9f22.9-alt12.10-alt2ALT-PU-2019-2554-1236684Fixed
wpa_supplicantp112.9-alt12.10-alt2ALT-PU-2019-2498-1236307Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://w1.fi/security/2019-4/
  • Patch
  • Vendor Advisory
FreeBSD-SA-19:03
  • Third Party Advisory
20190515 FreeBSD Security Advisory FreeBSD-SA-19:03.wpa
  • Mailing List
  • Third Party Advisory
https://www.synology.com/security/advisory/Synology_SA_19_16
  • Third Party Advisory
[debian-lts-announce] 20190731 [SECURITY] [DLA 1867-1] wpa security update
  • Mailing List
  • Third Party Advisory
openSUSE-SU-2020:0222
  • Mailing List
  • Third Party Advisory
FEDORA-2019-d03bae77f5
    FEDORA-2019-f409af9fbe
      FEDORA-2019-eba1109acd

          1. Configuration 1

            cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*
            End including
            2.4
            cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
            End including
            2.4
            cpe:2.3:a:w1.fi:wpa_supplicant:*:*:*:*:*:*:*:*
            Start including
            2.5
            End including
            2.7
            cpe:2.3:a:w1.fi:hostapd:*:*:*:*:*:*:*:*
            Start including
            2.5
            End including
            2.7

            Configuration 2

            cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*
            cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*
            cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*

            Configuration 3

            cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
            cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*
            cpe:2.3:a:opensuse:backports_sle:15.0:-:*:*:*:*:*:*

            Configuration 4

            cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

            Configuration 5

            cpe:2.3:a:synology:router_manager:1.2:*:*:*:*:*:*:*
            cpe:2.3:a:synology:radius_server:3.0:*:*:*:*:*:*:*

            Configuration 6

            cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:11.2:p13:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:*
            cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*
            Start including
            11.0
            End including
            11.1
        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
        Version: v24.5.3
        Back to top