Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28624
HistoryOct 10, 2012 - 12:00 a.m.

[SECURITY] [DSA 2557-1] hostapd security update

2012-10-1000:00:00
vulners.com
6
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Debian Security Advisory DSA-2557-1 [email protected]
http://www.debian.org/security/ Nico Golde
October 08, 2012 http://www.debian.org/security/faq

Package : hostapd
Vulnerability : buffer overflow
Problem type : remote
Debian-specific: no
CVE ID : CVE-2012-4445

Timo Warns discovered that the internal authentication server of hostapd,
a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator,
is vulnerable to a buffer overflow when processing fragmented EAP-TLS
messages. As a result, an internal overflow checking routine terminates
the process. An attacker can abuse this flaw to conduct denial of service
attacks via crafted EAP-TLS messages prior to any authentication.

For the stable distribution (squeeze), this problem has been fixed in
version 0.6.10-2+squeeze1.

For the testing (wheezy) and unstable (sid) distributions, this problem
will be fixed soon.

We recommend that you upgrade your hostapd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlBykZ8ACgkQHYflSXNkfP8KMwCgrZevrVOPeI76Vm4q6LfvTMLi
bJsAoKp8uuLyBRYI1JewUwPrWTFtdr3c
=VOSf
-----END PGP SIGNATURE-----

Related

fedora 3
openvas 10
nessus 7
cve 1
prion 1
osv 1
securityvulns 4
ubuntucve 1
freebsd_advisory 1
debiancve 1
freebsd 1
debian 1
fedora
fedora
[SECURITY] Fedora 16 Update: hostapd-0.7.3-10.fc16
2012-10-18 00:28:50
[SECURITY] Fedora 17 Update: hostapd-0.7.3-10.fc17
2012-10-18 00:32:53
[SECURITY] Fedora 18 Update: hostapd-1.0-3.fc18
2012-10-13 02:59:33
openvas
openvas
Fedora Update for hostapd FEDORA-2012-15759
2012-10-19 00:00:00
Fedora Update for hostapd FEDORA-2012-15748
2012-10-19 00:00:00
FreeBSD Ports: FreeBSD
2012-11-26 00:00:00
nessus
nessus
Fedora 16 : hostapd-0.7.3-10.fc16 (2012-15748)
2012-10-18 00:00:00
Fedora 17 : hostapd-0.7.3-10.fc17 (2012-15759)
2012-10-18 00:00:00
FreeBSD : FreeBSD -- Insufficient message length validation for EAP-TLS messages (f115f693-36b2-11e2-a633-902b343deec9)
2012-11-26 00:00:00
cve
cve
CVE-2012-4445
2012-10-10 18:55:00
prion
prion
Heap overflow
2012-10-10 18:55:00
osv
osv
hostapd - denial of service
2012-10-08 00:00:00
securityvulns
securityvulns
[PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation
2012-10-10 00:00:00
hostapd buffer overflow
2012-10-10 00:00:00
hostapd security vulnerabilities
2012-10-28 00:00:00
ubuntucve
ubuntucve
CVE-2012-4445
2012-10-10 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:07.hostapd
2012-11-22 00:00:00
debiancve
debiancve
CVE-2012-4445
2012-10-10 18:55:00
freebsd
freebsd
FreeBSD -- Insufficient message length validation for EAP-TLS messages
2012-11-22 00:00:00
debian
debian
[SECURITY] [DSA 2557-1] hostapd security update
2012-10-08 08:41:03
JSON
Related for SECURITYVULNS:DOC:28624
fedora3openvas10nessus7cve1prion1osv1securityvulns4ubuntucve1freebsd_advisory1debiancve1freebsd1debian1