On 2014/10/10 06:57, Sébastien Marie wrote: > Hi David, > > You may have already be advertised, but in case... the current version > of wpa_supplicant in openbsd-ports may be vulnerable to a remote command > execution. > > The vulnerability description is here: > http://w1.fi/security/2014-1/wpacli-action-scripts.txt > > The vulnerability on v2.2 is triggeable if some configuration options > are enable (CONFIG_P2P or CONFIG_WNM or CONFIG_HS20 or CONFIG_WPS), but > I don't see any of them in current build (files/config). So I don't sure > if the version in ports is vulnerable or not. > > Thanks. > -- > Sébastien Marie >
AIUI these methods are only possible if wpa_supplicant has scan support, which it does not handle on OpenBSD.