CVE-2020-26139

Name
CVE-2020-26139
Description
An issue was discovered in the kernel in NetBSD 7.1. An Access Point (AP) forwards EAPOL frames to other clients even though the sender has not yet successfully authenticated to the AP. This might be abused in projected Wi-Fi networks to launch denial-of-service attacks against connected clients and makes it easier to exploit other vulnerabilities in connected clients.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://www.fragattacks.com
MISC https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md
MLIST http://www.openwall.com/lists/oss-security/2021/05/11/12
MLIST https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html
MLIST https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html
CONFIRM https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf
CISCO https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu
MISC https://www.arista.com/en/support/advisories-notices/security-advisories/12602-security-advisory-63

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:netbsd:netbsd:7.1:*:*:*:*:*:*:* netbsd == None == 7.1

Vulnerable and fixed packages

Source package Branch Version Maintainer Status