Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28684
HistoryOct 28, 2012 - 12:00 a.m.

[ MDVSA-2012:168 ] hostapd

2012-10-2800:00:00
vulners.com
13
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2012:168
http://www.mandriva.com/security/

Package : hostapd
Date : October 22, 2012
Affected: 2011.

Problem Description:

Multiple vulnerabilities has been discovered and corrected in hostapd:

hostapd 0.7.3, and possibly other versions before 1.0, uses 0644
permissions for /etc/hostapd/hostapd.conf, which might allow
local users to obtain sensitive information such as credentials
(CVE-2012-2389).

Heap-based buffer overflow in the eap_server_tls_process_fragment
function in eap_server_tls_common.c in the EAP authentication server
in hostapd 0.6 through 1.0 allows remote attackers to cause a denial
of service (crash or abort) via a small TLS Message Length value in
an EAP-TLS message with the More Fragments flag set (CVE-2012-4445).

The updated packages have been patched to correct these issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445

Updated Packages:

Mandriva Linux 2011:
8fa9981eaf73dd9e84b62b42e300211a 2011/i586/hostapd-0.7.3-2.3-mdv2011.0.i586.rpm
912f917c8f0d5c8d146d544f9099cc29 2011/SRPMS/hostapd-0.7.3-2.3.src.rpm

Mandriva Linux 2011/X86_64:
4d692e59b6e55c1cc9292315fcc0570a 2011/x86_64/hostapd-0.7.3-2.3-mdv2011.0.x86_64.rpm
912f917c8f0d5c8d146d544f9099cc29 2011/SRPMS/hostapd-0.7.3-2.3.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFQhOGRmqjQ0CJFipgRAnrmAJ9xUxEo/Letga+CB8FLUkohKRRAnQCfeNqC
bfTTMhF26NCvFgGKgu6nwEQ=
=Cspq
-----END PGP SIGNATURE-----

Related

nessus 10
securityvulns 4
openvas 16
fedora 6
cve 2
debiancve 2
freebsd_advisory 1
prion 2
osv 1
ubuntucve 2
debian 1
freebsd 1
nessus
nessus
Mandriva Linux Security Advisory : hostapd (MDVSA-2012:168)
2012-10-23 00:00:00
Fedora 16 : hostapd-0.7.3-10.fc16 (2012-15748)
2012-10-18 00:00:00
Fedora 17 : hostapd-0.7.3-10.fc17 (2012-15759)
2012-10-18 00:00:00
securityvulns
securityvulns
hostapd security vulnerabilities
2012-10-28 00:00:00
[SECURITY] [DSA 2557-1] hostapd security update
2012-10-10 00:00:00
hostapd buffer overflow
2012-10-10 00:00:00
openvas
openvas
Mandriva Update for hostapd MDVSA-2012:168 (hostapd)
2012-10-23 00:00:00
Mandriva Update for hostapd MDVSA-2012:168 (hostapd)
2012-10-23 00:00:00
Fedora Update for hostapd FEDORA-2012-15759
2012-10-19 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: hostapd-0.7.3-10.fc16
2012-10-18 00:28:50
[SECURITY] Fedora 17 Update: hostapd-0.7.3-10.fc17
2012-10-18 00:32:53
[SECURITY] Fedora 18 Update: hostapd-1.0-3.fc18
2012-10-13 02:59:33
cve
cve
CVE-2012-4445
2012-10-10 18:55:00
CVE-2012-2389
2012-06-21 15:55:00
debiancve
debiancve
CVE-2012-4445
2012-10-10 18:55:00
CVE-2012-2389
2012-06-21 15:55:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:07.hostapd
2012-11-22 00:00:00
prion
prion
Heap overflow
2012-10-10 18:55:00
Design/Logic Flaw
2012-06-21 15:55:00
osv
osv
hostapd - denial of service
2012-10-08 00:00:00
ubuntucve
ubuntucve
CVE-2012-4445
2012-10-10 00:00:00
CVE-2012-2389
2012-06-21 00:00:00
debian
debian
[SECURITY] [DSA 2557-1] hostapd security update
2012-10-08 08:41:03
freebsd
freebsd
FreeBSD -- Insufficient message length validation for EAP-TLS messages
2012-11-22 00:00:00
JSON
Related for SECURITYVULNS:DOC:28684
nessus10securityvulns4openvas16fedora6cve2debiancve2freebsd_advisory1prion2osv1ubuntucve2debian1freebsd1