Description of problem: Buffer overflow in wpa_supplicant-0.5.7-use-syslog.patch during WPA2 association.
Version-Release number of selected component (if applicable): wpa_supplicant-0.5.7-2.fc7
How reproducible: Attempt to connect to WPA2 network using NM (or driving wpa_supplicant manually from the control interface). wpa_supplicant will segfault as it tries to dump a large RX_EAPOL frame.
More detail and a patch here: http://mail.gnome.org/archives/networkmanager-list/2007-June/msg00014.html
Have assigned severity to urgent as process is running as root and potentially exploitable.
I have the exact same problem when I try to connect to a dynamic wep network.
CVE-2007-2874
Dan says he'll get this fixed tonight. The patch supplied, while it fixes this one case, is not correct (as the author mentioned) since it only increases the buffer size.
Fix in progress; using vsnprintf/snprintf is a better fix than just increasing the buffer size.
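
The bounded-formatting approach mentioned in the comment above, as an added example (not code from the wpa_supplicant tree or from the Fedora patch): a hex dump of an oversized frame into a fixed log buffer that truncates instead of overflowing. The names `log_format` and `log_hexdump`, the title string and `LOG_BUF_SIZE` are assumptions made for illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define LOG_BUF_SIZE 256 /* assumed size; the patch's real buffer size is not on this page */

/* Bounded append. The unsafe form is vsprintf(out, fmt, ap), which writes
 * past the end of out as soon as the formatted text is longer than the buffer.
 * Returns the number of characters actually stored, excluding the NUL. */
static size_t log_format(char *out, size_t out_len, const char *fmt, ...)
{
    va_list ap;
    int n;
    if (out_len == 0) return 0;
    va_start(ap, fmt);
    n = vsnprintf(out, out_len, fmt, ap);
    va_end(ap);
    if (n < 0) { out[0] = '\0'; return 0; } /* encoding error: empty string */
    /* vsnprintf returns the length it wanted, not the length it wrote */
    return (size_t)n >= out_len ? out_len - 1 : (size_t)n;
}

/* Hex-dump a frame into a fixed buffer for one syslog line. Stops cleanly when
 * the buffer is full and returns how many frame bytes were dumped. */
size_t log_hexdump(char *out, size_t out_len, const char *title,
                   const unsigned char *data, size_t len)
{
    size_t i, pos;
    pos = log_format(out, out_len, "%s - hexdump(len=%lu):", title, (unsigned long)len);
    for (i = 0; i < len; i++) {
        if (out_len - pos < 4) /* need room for " xx" plus the NUL */
            break;
        pos += log_format(out + pos, out_len - pos, " %02x", data[i]);
    }
    return i;
}

int main(void)
{
    unsigned char frame[1500]; /* constructed sample: oversized frame */
    char line[LOG_BUF_SIZE];
    memset(frame, 0xab, sizeof(frame));
    size_t n = log_hexdump(line, sizeof(line), "RX EAPOL", frame, sizeof(frame));
    printf("%s\n(dumped %lu of %lu bytes)\n", line, (unsigned long)n, (unsigned long)sizeof(frame));
    return 0;
}
```

Raising `LOG_BUF_SIZE` only changes how many bytes appear in the log line; the write stays inside the buffer for any frame length.
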
Btw, Dan: If it'll help, I can do the Fedora updates stuff after you provide builds. I've already got tons of experience using the tool (yay Firefox updates).
Updates should have been pushed out, though the mirrors may take some time to catch up.
It fixes my bug where I had regular crashes as well: bug 241777. Thanks for that!
Should be closed; the update has long been available.