CVE-2015-5310

Published: 10 November 2015

The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response.

Priority

CVSS 3 base score: 4.3

Status

Package	Release	Status
wpa Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Released (2.1-0ubuntu1.4)
	upstream	Needs triage
	vivid	Released (2.1-0ubuntu7.3)
	wily	Released (2.4-0ubuntu3.2)
wpasupplicant Launchpad, Ubuntu, Debian	precise	Not vulnerable (code not present)
	trusty	Does not exist
	upstream	Needs triage
	vivid	Does not exist
	wily	Does not exist

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5310
http://w1.fi/security/2015-6/
https://ubuntu.com/security/notices/USN-2808-1
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›