CVE-2014-3686 – hostapd: wpa_cli and hostapd_cli remote command execution issue

https://notcve.org/view.php?id=CVE-2014-3686

wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allows remote attackers to execute arbitrary commands via a crafted frame. wpa_supplicant y hostapd 0.7.2 hasta 2.2 cuando se ejecutan ciertas configuraciones y se utilizan los secuencias de comandos using_wpa_cli o hostapd_cli, permite a atacantes remotos ejecutar comandos arbitrarios a través de un frame manipulado. A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script (specified using the -a command line option), and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code. • http://advisories.mageia.org/MGASA-2014-0429.html http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00000.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00027.html http://lists.opensuse.org/opensuse-updates/2014-10/msg00028.html http://rhn.redhat.com/errata/RHSA-2014-1956.html http://secunia.com/advisories/60366 http://secunia.com/advisories/60428 http://secunia.com/advisories/61271 http://w1.fi/security/2014-1 http://www.debian.org/security/2014/ • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •