An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects, which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation paths might exist.

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:1003 advisory.

    Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:

    CVE-2024-5290:
    An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects,     which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as     (usually root).




    Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an unprivileged     user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process; other escalation     paths might exist.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - An issue was discovered in Ubuntu wpa_supplicant that resulted in loading of arbitrary shared objects,     which allows a local unprivileged attacker to escalate privileges to the user that wpa_supplicant runs as     (usually root). Membership in the netdev group or access to the dbus interface of wpa_supplicant allow an     unprivileged user to specify an arbitrary path to a module to be loaded by the wpa_supplicant process;
    other escalation paths might exist. (CVE-2024-5290)

Note that Nessus relies on the presence of the package as reported by the vendor.

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6945-1 advisory.

    Rory McNamara discovered that wpa_supplicant could be made to load

    arbitrary shared objects by unprivileged users that have access to the control interface. An attacker     could use this to escalate privileges to root.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5739 advisory.

    - -------------------------------------------------------------------------     Debian Security Advisory DSA-5739-1                   security@debian.org     https://www.debian.org/security/                     Salvatore Bonaccorso     August 06, 2024                       https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package        : wpa     CVE ID         : CVE-2024-5290

    Rory McNamara reported a local privilege escalation in wpasupplicant: A     user able to escalate to the netdev group can load arbitrary shared     object files in the context of the wpa_supplicant process running as     root.

    For the oldstable distribution (bullseye), this problem has been fixed     in version 2:2.9.0-21+deb11u2.

    For the stable distribution (bookworm), this problem has been fixed in     version 2:2.10-12+deb12u2.

    We recommend that you upgrade your wpa packages.

    For the detailed security status of wpa please refer to its security     tracker page at:
    https://security-tracker.debian.org/tracker/wpa

    Further information about Debian Security Advisories, how to apply     these updates to your system and frequently asked questions can be     found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
239127	TencentOS Server 4: wpa_supplicant (TSSA-2024:1003)	Nessus	Tencent Local Security Checks	high
230523	Linux Distros Unpatched Vulnerability : CVE-2024-5290	Nessus	Misc.	high
205112	Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS : wpa_supplicant and hostapd vulnerability (USN-6945-1)	Nessus	Ubuntu Local Security Checks	high
205083	Debian dsa-5739 : eapoltest - security update	Nessus	Debian Local Security Checks	high

Detections

Analytics

CVE-2024-5290

high

Tenable Plugins

high

high

high

high