CVE-2020-26139 - log

CVE-2020-26139 edited at 03 Jun 2021 14:11:20
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=a98c4c030cfb69c6ec3d1b951a904b80fea90d8a
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.10.42&id=2b9b07b9a06fab16bda3d33da3be70fe33bd95cb
CVE-2020-26139 edited at 03 Jun 2021 13:50:41
Description
- An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
+ An issue was discovered in the Linux kernel before version 5.12.9. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
CVE-2020-26139 edited at 03 Jun 2021 13:27:58
Description
- A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. Forwarded EAPOL frames are accepted from an unauthenticated sender.
+ An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
CVE-2020-26139 edited at 03 Jun 2021 13:26:40
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
+ https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.12.9&id=a98c4c030cfb69c6ec3d1b951a904b80fea90d8a
- https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
- https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/
CVE-2020-26139 edited at 12 May 2021 07:19:40
Description
- A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. It is possible to forward EAPOL from an unauthenticated sender.
+ A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. Forwarded EAPOL frames are accepted from an unauthenticated sender.
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
+ https://lore.kernel.org/linux-wireless/20210511200110.cb327ed0cabe.Ib7dcffa2a31f0913d660de65ba3c8aca75b1d10f@changeid/
CVE-2020-26139 edited at 11 May 2021 18:58:05
Description
- A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. It is possible to forward EAPOL from an unauthenticated sender.
+ A security issue has been found in the IEEE 802.11 implementation (mac80211) of the Linux kernel. It is possible to forward EAPOL from an unauthenticated sender.
References
https://www.openwall.com/lists/oss-security/2021/05/11/12
https://papers.mathyvanhoef.com/usenix2021.pdf
https://www.fragattacks.com/
https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-26139 edited at 11 May 2021 18:46:39
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Insufficient validation
Description
+ A security issue has been found in the ath10k and ath11k wireless drivers of the Linux kernel. It is possible to forward EAPOL from an unauthenticated sender.
References
+ https://www.openwall.com/lists/oss-security/2021/05/11/12
+ https://papers.mathyvanhoef.com/usenix2021.pdf
+ https://www.fragattacks.com/
+ https://lore.kernel.org/linux-wireless/20210511180259.159598-1-johannes@sipsolutions.net/
CVE-2020-26139 created at 11 May 2021 18:39:39
Severity
+ Unknown
Remote
+ Unknown
Type
+ Unknown
Description
References
Notes