Red Hat Bugzilla – Bug 242455
CVE-2007-2874 wpa_supplicant segfault during WPA2 association
Last modified: 2007-11-30 17:12:06 EST
Description of problem:
Buffer overflow in wpa_supplicant-0.5.7-use-syslog.patch
during WPA2 association.
Version-Release number of selected component (if applicable):
Attempt to connect to WPA2 network using NM (or driving wpa_supplicant manually
from the control interface). wpa_supplicant will segfault as it tries to dump a
large RX_EAPOL frame.
More detail and a patch here:
Have assigned severity to urgent as process is running as root and potentially

I have the exact same problem when I try to connect to a dynamic WEP network.

Dan says he'll get this fixed tonight. The patch supplied, while it fixes this
one case, is not correct (as the author mentioned) since it only increases the

Fix in progress; using vsnprintf/snprintf is a better fix than just increasing
the buffer size.
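
An added illustration of the bounded-formatting approach named in the comment above; it is not the wpa_supplicant or Fedora patch. The helper names, the output format and the 1500-byte frame are assumptions constructed for this example. It shows the point of the fix: the return value of vsnprintf is checked, so an oversized frame is truncated instead of being written past the end of the buffer.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: bounded printf-style append at offset *pos.
 * Returns 0 on success, -1 if the output had to be truncated. */
static int buf_appendf(char *buf, size_t size, size_t *pos, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0 || *pos >= size)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *pos, size - *pos, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= size - *pos) {
        *pos = size - 1;   /* cut short; vsnprintf left the buffer NUL-terminated */
        return -1;
    }
    *pos += (size_t)n;
    return 0;
}

/* Format "title - hexdump(len=N): xx xx ..." into out[size].
 * Returns 0 if the whole frame fit, 1 if the line was truncated. */
int hexdump_line(char *out, size_t size, const char *title,
                 const uint8_t *data, size_t len)
{
    size_t pos = 0, i;

    if (size == 0)
        return 1;
    out[0] = '\0';
    if (buf_appendf(out, size, &pos, "%s - hexdump(len=%zu):", title, len) < 0)
        return 1;
    for (i = 0; i < len; i++)
        if (buf_appendf(out, size, &pos, " %02x", data[i]) < 0)
            return 1;
    return 0;
}

int main(void)
{
    uint8_t frame[1500] = {0};   /* constructed stand-in for a large EAPOL frame */
    char line[256];
    int cut = hexdump_line(line, sizeof(line), "RX EAPOL", frame, sizeof(frame));
    printf("truncated=%d len=%zu\n%s\n", cut, strlen(line), line);
    return 0;
}
```

A caller that needs the full dump can emit it in fixed-size chunks; the property that matters is that the frame length never decides how many bytes are written to the buffer.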

Btw, Dan: If it'll help, I can do the Fedora updates stuff after you provide
builds. I've already got tons of experience using the tool (yay Firefox updates).

Updates should have been pushed out, though the mirrors may take some time to

It fixes my bug where I had regular crashes as well: bug 241777. Thanks for

should be closed; update is long available