
Test ID: 1.3.6.1.4.1.25623.1.1.10.2021.0258
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2021-0258)
Summary: The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0258 advisory.
Description:
Summary:
The remote host is missing an update for the 'kernel-linus' package(s) announced via the MGASA-2021-0258 advisory.

Vulnerability Insight:
This kernel-linus update is based on upstream 5.10.43 and fixes at least
the following security issues:

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and
WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received
fragments be cleared from memory after (re)connecting to a network. Under
the right circumstances, when another device sends fragmented frames
encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary
network packets and/or exfiltrate user data (CVE-2020-24586).

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and
WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments
of a frame are encrypted under the same key. An adversary can abuse this to
decrypt selected fragments when another device sends fragmented frames and
the WEP, CCMP, or GCMP encryption key is periodically renewed
(CVE-2020-24587).

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and
WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU
flag in the plaintext QoS header field is authenticated. Against devices
that support receiving non-SSP A-MSDU frames (which is mandatory as part
of 802.11n), an adversary can abuse this to inject arbitrary network
packets (CVE-2020-24588).

An issue was discovered in the kernel. An Access Point (AP) forwards EAPOL
frames to other clients even though the sender has not yet successfully
authenticated to the AP. This might be abused in protected Wi-Fi networks
to launch denial-of-service attacks against connected clients and makes
it easier to exploit other vulnerabilities in connected clients
(CVE-2020-26139).

An issue was discovered in the kernel ath10k driver. The Wi-Fi
implementation does not verify the Message Integrity Check (authenticity)
of fragmented TKIP frames. An adversary can abuse this to inject and
possibly decrypt packets in WPA or WPA2 networks that support the TKIP
data-confidentiality protocol (CVE-2020-26141).

An issue was discovered in the kernel ath10k driver. The WEP, WPA, WPA2,
and WPA3 implementations accept second (or subsequent) broadcast fragments
even when sent in plaintext and process them as full unfragmented frames.
An adversary can abuse this to inject arbitrary network packets independent
of the network configuration (CVE-2020-26145).

An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and
WPA3 implementations reassemble fragments even though some of them were
sent in plaintext. This vulnerability can be abused to inject packets and/or
exfiltrate selected fragments when another device sends fragmented
frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used
(CVE-2020-26147).

A double-free memory corruption in the Linux kernel HCI device
initialization subsystem was found in the way a user attaches a malicious HCI
TTY Bluetooth device. A local user could use this flaw ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'kernel-linus' package(s) on Mageia 7, Mageia 8.

Solution:
Please install the updated package(s).

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2020-24586
Cisco Security Advisory: 20210511 Multiple Vulnerabilities in Frame Aggregation and Fragmentation Implementations of 802.11 Specification Affecting Cisco Products: May 2021
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63
https://www.fragattacks.com
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html
http://www.openwall.com/lists/oss-security/2021/05/11/12
Common Vulnerability Exposure (CVE) ID: CVE-2020-24587
Common Vulnerability Exposure (CVE) ID: CVE-2020-24588
Common Vulnerability Exposure (CVE) ID: CVE-2020-26139
Common Vulnerability Exposure (CVE) ID: CVE-2020-26141
Common Vulnerability Exposure (CVE) ID: CVE-2020-26145
Common Vulnerability Exposure (CVE) ID: CVE-2020-26147
Common Vulnerability Exposure (CVE) ID: CVE-2021-28691
https://security.gentoo.org/glsa/202107-30
https://xenbits.xenproject.org/xsa/advisory-374.txt
Common Vulnerability Exposure (CVE) ID: CVE-2021-3564
[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update
[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update
[oss-security] 20210525 CVE-2021-3564 Linux Bluetooth device initialization implementation bug
http://www.openwall.com/lists/oss-security/2021/05/25/1
[oss-security] 20210601 Re: CVE-2021-3564 Linux Bluetooth device initialization implementation bug
http://www.openwall.com/lists/oss-security/2021/06/01/2
https://bugzilla.redhat.com/show_bug.cgi?id=1964139
https://www.openwall.com/lists/oss-security/2021/05/25/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-3573
https://bugzilla.redhat.com/show_bug.cgi?id=1966578
https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth.git/commit/?id=e305509e678b3a4af2b3cfd410f409f7cdaabb52
https://www.openwall.com/lists/oss-security/2021/06/08/2
http://www.openwall.com/lists/oss-security/2023/07/02/1
Common Vulnerability Exposure (CVE) ID: CVE-2021-38208
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.12.10
https://github.com/torvalds/linux/commit/4ac06a1e013cf5fdd963317ffd3b968560f33bba
http://www.openwall.com/lists/oss-security/2021/08/17/1
http://www.openwall.com/lists/oss-security/2021/08/17/2
http://www.openwall.com/lists/oss-security/2021/08/24/2
Copyright: Copyright (C) 2022 Greenbone AG
