ID OPENVAS:1361412562310864290 Type openvas Reporter Copyright (c) 2012 Greenbone Networks GmbH Modified 2019-03-15T00:00:00
Description
The remote host is missing an update for the
###############################################################################
# OpenVAS Vulnerability Test
#
# Fedora Update for hostapd FEDORA-2012-8611
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
if(description)
{
script_xref(name:"URL", value:"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html");
script_oid("1.3.6.1.4.1.25623.1.0.864290");
script_version("$Revision: 14223 $");
script_tag(name:"last_modification", value:"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $");
script_tag(name:"creation_date", value:"2012-06-08 10:11:10 +0530 (Fri, 08 Jun 2012)");
script_tag(name:"cvss_base", value:"2.1");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_cve_id("CVE-2012-2389");
script_xref(name:"FEDORA", value:"2012-8611");
script_name("Fedora Update for hostapd FEDORA-2012-8611");
script_tag(name:"summary", value:"The remote host is missing an update for the 'hostapd'
package(s) announced via the referenced advisory.");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (c) 2012 Greenbone Networks GmbH");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC15");
script_tag(name:"affected", value:"hostapd on Fedora 15");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
if(release == "FC15")
{
if ((res = isrpmvuln(pkg:"hostapd", rpm:"hostapd~0.7.3~2.1.fc15", rls:"FC15")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99);
exit(0);
}
{"id": "OPENVAS:1361412562310864290", "type": "openvas", "bulletinFamily": "scanner", "title": "Fedora Update for hostapd FEDORA-2012-8611", "description": "The remote host is missing an update for the ", "published": "2012-06-08T00:00:00", "modified": "2019-03-15T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864290", "reporter": "Copyright (c) 2012 Greenbone Networks GmbH", "references": ["http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html", "2012-8611"], "cvelist": ["CVE-2012-2389"], "lastseen": "2019-05-29T18:39:06", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2012-2389"]}, {"type": "nessus", "idList": ["FEDORA_2012-9137.NASL", "MANDRIVA_MDVSA-2012-168.NASL", "FEDORA_2012-9206.NASL", "FEDORA_2012-8611.NASL"]}, {"type": "fedora", "idList": ["FEDORA:31BCD20B2D", "FEDORA:89FD02101A", "FEDORA:9927E2025A"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310864482", "OPENVAS:864478", "OPENVAS:1361412562310864478", "OPENVAS:831748", "OPENVAS:1361412562310831748", "OPENVAS:864482", "OPENVAS:864290"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:28684", "SECURITYVULNS:VULN:12670"]}], "modified": "2019-05-29T18:39:06", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2019-05-29T18:39:06", "rev": 2}, "vulnersScore": 5.9}, "pluginID": "1361412562310864290", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hostapd FEDORA-2012-8611\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864290\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-08 10:11:10 +0530 (Fri, 08 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-2389\");\n script_xref(name:\"FEDORA\", value:\"2012-8611\");\n script_name(\"Fedora Update for hostapd FEDORA-2012-8611\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~0.7.3~2.1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "naslFamily": "Fedora Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T12:06:04", "description": "hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.", "edition": 3, "cvss3": {}, "published": "2012-06-21T15:55:00", "title": "CVE-2012-2389", "type": "cve", "cwe": ["CWE-264"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2389"], "modified": "2013-04-19T03:21:00", "cpe": ["cpe:/a:w1.fi:hostapd:0.7.3"], "id": "CVE-2012-2389", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2389", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*"]}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2389"], "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back- ground and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. ", "modified": "2012-06-19T14:58:28", "published": "2012-06-19T14:58:28", "id": "FEDORA:31BCD20B2D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: hostapd-0.7.3-9.fc17", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2389"], "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back- ground and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. ", "modified": "2012-06-07T23:10:25", "published": "2012-06-07T23:10:25", "id": "FEDORA:89FD02101A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 15 Update: hostapd-0.7.3-2.1.fc15", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2389"], "description": "hostapd is a user space daemon for access point and authentication servers. It implements IEEE 802.11 access point management, IEEE 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server. hostapd is designed to be a \"daemon\" program that runs in the back- ground and acts as the backend component controlling authentication. hostapd supports separate frontend programs and an example text-based frontend, hostapd_cli, is included with hostapd. ", "modified": "2012-06-19T14:54:08", "published": "2012-06-19T14:54:08", "id": "FEDORA:9927E2025A", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: hostapd-0.7.3-9.fc16", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2019-05-29T18:39:16", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2389"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:1361412562310864482", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864482", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2012-9137", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hostapd FEDORA-2012-9137\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082475.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864482\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:24:58 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2389\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name:\"FEDORA\", value:\"2012-9137\");\n script_name(\"Fedora Update for hostapd FEDORA-2012-9137\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC17\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 17\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~0.7.3~9.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-02T10:56:19", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2389"], "description": "Check for the Version of hostapd", "modified": "2017-12-27T00:00:00", "published": "2012-06-22T00:00:00", "id": "OPENVAS:864478", "href": "http://plugins.openvas.org/nasl.php?oid=864478", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2012-9206", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hostapd FEDORA-2012-9206\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"hostapd is a user space daemon for access point and authentication\n servers. It implements IEEE 802.11 access point management, IEEE\n 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server.\n\n hostapd is designed to be a "daemon" program that runs in the back-\n ground and acts as the backend component controlling authentication.\n hostapd supports separate frontend programs and an example text-based\n frontend, hostapd_cli, is included with hostapd.\";\n\ntag_affected = \"hostapd on Fedora 16\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082459.html\");\n script_id(864478);\n script_version(\"$Revision: 8249 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-27 07:29:56 +0100 (Wed, 27 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:24:51 +0530 (Fri, 22 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-2389\");\n script_xref(name: \"FEDORA\", value: \"2012-9206\");\n script_name(\"Fedora Update for hostapd FEDORA-2012-9206\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of hostapd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~0.7.3~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:58:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2389"], "description": "Check for the Version of hostapd", "modified": "2018-01-01T00:00:00", "published": "2012-06-08T00:00:00", "id": "OPENVAS:864290", "href": "http://plugins.openvas.org/nasl.php?oid=864290", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2012-8611", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hostapd FEDORA-2012-8611\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"hostapd is a user space daemon for access point and authentication\n servers. It implements IEEE 802.11 access point management, IEEE\n 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server.\n\n hostapd is designed to be a "daemon" program that runs in the back-\n ground and acts as the backend component controlling authentication.\n hostapd supports separate frontend programs and an example text-based\n frontend, hostapd_cli, is included with hostapd.\";\n\ntag_affected = \"hostapd on Fedora 15\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html\");\n script_id(864290);\n script_version(\"$Revision: 8265 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-01 07:29:23 +0100 (Mon, 01 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-08 10:11:10 +0530 (Fri, 08 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-2389\");\n script_xref(name: \"FEDORA\", value: \"2012-8611\");\n script_name(\"Fedora Update for hostapd FEDORA-2012-8611\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of hostapd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~0.7.3~2.1.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-01-02T10:58:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2389"], "description": "Check for the Version of hostapd", "modified": "2017-12-28T00:00:00", "published": "2012-08-30T00:00:00", "id": "OPENVAS:864482", "href": "http://plugins.openvas.org/nasl.php?oid=864482", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2012-9137", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hostapd FEDORA-2012-9137\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"hostapd is a user space daemon for access point and authentication\n servers. It implements IEEE 802.11 access point management, IEEE\n 802.1X/WPA/WPA2/EAP Authenticators and RADIUS authentication server.\n\n hostapd is designed to be a "daemon" program that runs in the back-\n ground and acts as the backend component controlling authentication.\n hostapd supports separate frontend programs and an example text-based\n frontend, hostapd_cli, is included with hostapd.\";\n\ntag_affected = \"hostapd on Fedora 17\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082475.html\");\n script_id(864482);\n script_version(\"$Revision: 8253 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-28 07:29:51 +0100 (Thu, 28 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-30 10:24:58 +0530 (Thu, 30 Aug 2012)\");\n script_cve_id(\"CVE-2012-2389\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_xref(name: \"FEDORA\", value: \"2012-9137\");\n script_name(\"Fedora Update for hostapd FEDORA-2012-9137\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of hostapd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC17\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~0.7.3~9.fc17\", rls:\"FC17\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2389"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-06-22T00:00:00", "id": "OPENVAS:1361412562310864478", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864478", "type": "openvas", "title": "Fedora Update for hostapd FEDORA-2012-9206", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for hostapd FEDORA-2012-9206\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082459.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864478\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-22 10:24:51 +0530 (Fri, 22 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_cve_id(\"CVE-2012-2389\");\n script_xref(name:\"FEDORA\", value:\"2012-9206\");\n script_name(\"Fedora Update for hostapd FEDORA-2012-9206\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"hostapd on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~0.7.3~9.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-06T13:07:30", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4445", "CVE-2012-2389"], "description": "Check for the Version of hostapd", "modified": "2018-01-05T00:00:00", "published": "2012-10-23T00:00:00", "id": "OPENVAS:831748", "href": "http://plugins.openvas.org/nasl.php?oid=831748", "type": "openvas", "title": "Mandriva Update for hostapd MDVSA-2012:168 (hostapd)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for hostapd MDVSA-2012:168 (hostapd)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities has been discovered and corrected in hostapd:\n\n hostapd 0.7.3, and possibly other versions before 1.0, uses 0644\n permissions for /etc/hostapd/hostapd.conf, which might allow\n local users to obtain sensitive information such as credentials\n (CVE-2012-2389).\n\n Heap-based buffer overflow in the eap_server_tls_process_fragment\n function in eap_server_tls_common.c in the EAP authentication server\n in hostapd 0.6 through 1.0 allows remote attackers to cause a denial\n of service (crash or abort) via a small TLS Message Length value in\n an EAP-TLS message with the More Fragments flag set (CVE-2012-4445).\n\n The updated packages have been patched to correct these issues.\";\n\ntag_affected = \"hostapd on Mandriva Linux 2011.0\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:168\");\n script_id(831748);\n script_version(\"$Revision: 8295 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-05 07:29:18 +0100 (Fri, 05 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-23 09:29:43 +0530 (Tue, 23 Oct 2012)\");\n script_cve_id(\"CVE-2012-2389\", \"CVE-2012-4445\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name: \"MDVSA\", value: \"2012:168\");\n script_name(\"Mandriva Update for hostapd MDVSA-2012:168 (hostapd)\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of hostapd\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~0.7.3~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2019-05-29T18:38:48", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4445", "CVE-2012-2389"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-10-23T00:00:00", "id": "OPENVAS:1361412562310831748", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831748", "type": "openvas", "title": "Mandriva Update for hostapd MDVSA-2012:168 (hostapd)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for hostapd MDVSA-2012:168 (hostapd)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:168\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831748\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-10-23 09:29:43 +0530 (Tue, 23 Oct 2012)\");\n script_cve_id(\"CVE-2012-2389\", \"CVE-2012-4445\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_xref(name:\"MDVSA\", value:\"2012:168\");\n script_name(\"Mandriva Update for hostapd MDVSA-2012:168 (hostapd)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'hostapd'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_2011\\.0\");\n script_tag(name:\"affected\", value:\"hostapd on Mandriva Linux 2011.0\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities has been discovered and corrected in hostapd:\n\n hostapd 0.7.3, and possibly other versions before 1.0, uses 0644\n permissions for /etc/hostapd/hostapd.conf, which might allow\n local users to obtain sensitive information such as credentials\n (CVE-2012-2389).\n\n Heap-based buffer overflow in the eap_server_tls_process_fragment\n function in eap_server_tls_common.c in the EAP authentication server\n in hostapd 0.6 through 1.0 allows remote attackers to cause a denial\n of service (crash or abort) via a small TLS Message Length value in\n an EAP-TLS message with the More Fragments flag set (CVE-2012-4445).\n\n The updated packages have been patched to correct these issues.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"hostapd\", rpm:\"hostapd~0.7.3~2.3\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:10:43", "description": "Remove hostapd-specific runtime state directory Fixup typo in pid file\npath in hostapd.service Fixup typo in configuration file path in\nhostapd.service Tighten-up default permissions for hostapd.conf\n(CVE-2012-2389) Add BuildRequires for systemd-units Fixup typo in\nconfiguration file path in hostapd.service Tighten-up default\npermissions for hostapd.conf (CVE-2012-2389)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-20T00:00:00", "title": "Fedora 16 : hostapd-0.7.3-9.fc16 (2012-9206)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2389"], "modified": "2012-06-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:16", "p-cpe:/a:fedoraproject:fedora:hostapd"], "id": "FEDORA_2012-9206.NASL", "href": "https://www.tenable.com/plugins/nessus/59582", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9206.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59582);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2389\");\n script_xref(name:\"FEDORA\", value:\"2012-9206\");\n\n script_name(english:\"Fedora 16 : hostapd-0.7.3-9.fc16 (2012-9206)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remove hostapd-specific runtime state directory Fixup typo in pid file\npath in hostapd.service Fixup typo in configuration file path in\nhostapd.service Tighten-up default permissions for hostapd.conf\n(CVE-2012-2389) Add BuildRequires for systemd-units Fixup typo in\nconfiguration file path in hostapd.service Tighten-up default\npermissions for hostapd.conf (CVE-2012-2389)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=818800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=824661\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082459.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?42620824\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"hostapd-0.7.3-9.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:10:41", "description": "Tighten-up default permissions for hostapd.conf (CVE-2012-2389)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-08T00:00:00", "title": "Fedora 15 : hostapd-0.7.3-2.1.fc15 (2012-8611)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2389"], "modified": "2012-06-08T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:15", "p-cpe:/a:fedoraproject:fedora:hostapd"], "id": "FEDORA_2012-8611.NASL", "href": "https://www.tenable.com/plugins/nessus/59421", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8611.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59421);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2389\");\n script_xref(name:\"FEDORA\", value:\"2012-8611\");\n\n script_name(english:\"Fedora 15 : hostapd-0.7.3-2.1.fc15 (2012-8611)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Tighten-up default permissions for hostapd.conf (CVE-2012-2389)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=826109\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?64ad3ea2\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/08\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"hostapd-0.7.3-2.1.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:10:43", "description": "Remove hostapd-specific runtime state directory Fixup typo in pid file\npath in hostapd.service Add BuildRequires for systemd-units Fixup typo\nin configuration file path in hostapd.service\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-20T00:00:00", "title": "Fedora 17 : hostapd-0.7.3-9.fc17 (2012-9137)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2389"], "modified": "2012-06-20T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:hostapd"], "id": "FEDORA_2012-9137.NASL", "href": "https://www.tenable.com/plugins/nessus/59581", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-9137.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59581);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2389\");\n script_xref(name:\"FEDORA\", value:\"2012-9137\");\n\n script_name(english:\"Fedora 17 : hostapd-0.7.3-9.fc17 (2012-9137)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Remove hostapd-specific runtime state directory Fixup typo in pid file\npath in hostapd.service Add BuildRequires for systemd-units Fixup typo\nin configuration file path in hostapd.service\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=818800\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=824661\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082475.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?44384a68\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"hostapd-0.7.3-9.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"hostapd\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T11:53:53", "description": "Multiple vulnerabilities has been discovered and corrected in \nhostapd :\n\nhostapd 0.7.3, and possibly other versions before 1.0, uses 0644\npermissions for /etc/hostapd/hostapd.conf, which might allow local\nusers to obtain sensitive information such as credentials\n(CVE-2012-2389).\n\nHeap-based buffer overflow in the eap_server_tls_process_fragment\nfunction in eap_server_tls_common.c in the EAP authentication server\nin hostapd 0.6 through 1.0 allows remote attackers to cause a denial\nof service (crash or abort) via a small TLS Message Length value in an\nEAP-TLS message with the More Fragments flag set (CVE-2012-4445).\n\nThe updated packages have been patched to correct these issues.", "edition": 25, "published": "2012-10-23T00:00:00", "title": "Mandriva Linux Security Advisory : hostapd (MDVSA-2012:168)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-4445", "CVE-2012-2389"], "modified": "2012-10-23T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:hostapd"], "id": "MANDRIVA_MDVSA-2012-168.NASL", "href": "https://www.tenable.com/plugins/nessus/62659", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:168. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62659);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2389\", \"CVE-2012-4445\");\n script_bugtraq_id(54093, 55826);\n script_xref(name:\"MDVSA\", value:\"2012:168\");\n\n script_name(english:\"Mandriva Linux Security Advisory : hostapd (MDVSA-2012:168)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Multiple vulnerabilities has been discovered and corrected in \nhostapd :\n\nhostapd 0.7.3, and possibly other versions before 1.0, uses 0644\npermissions for /etc/hostapd/hostapd.conf, which might allow local\nusers to obtain sensitive information such as credentials\n(CVE-2012-2389).\n\nHeap-based buffer overflow in the eap_server_tls_process_fragment\nfunction in eap_server_tls_common.c in the EAP authentication server\nin hostapd 0.6 through 1.0 allows remote attackers to cause a denial\nof service (crash or abort) via a small TLS Message Length value in an\nEAP-TLS message with the More Fragments flag set (CVE-2012-4445).\n\nThe updated packages have been patched to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected hostapd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:hostapd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/10/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2011\", reference:\"hostapd-0.7.3-2.3-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:46", "bulletinFamily": "software", "cvelist": ["CVE-2012-4445", "CVE-2012-2389"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:168\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : hostapd\r\n Date : October 22, 2012\r\n Affected: 2011.\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Multiple vulnerabilities has been discovered and corrected in hostapd:\r\n \r\n hostapd 0.7.3, and possibly other versions before 1.0, uses 0644\r\n permissions for /etc/hostapd/hostapd.conf, which might allow\r\n local users to obtain sensitive information such as credentials\r\n (CVE-2012-2389).\r\n \r\n Heap-based buffer overflow in the eap_server_tls_process_fragment\r\n function in eap_server_tls_common.c in the EAP authentication server\r\n in hostapd 0.6 through 1.0 allows remote attackers to cause a denial\r\n of service (crash or abort) via a small TLS Message Length value in\r\n an EAP-TLS message with the More Fragments flag set (CVE-2012-4445).\r\n \r\n The updated packages have been patched to correct these issues.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2389\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2011:\r\n 8fa9981eaf73dd9e84b62b42e300211a 2011/i586/hostapd-0.7.3-2.3-mdv2011.0.i586.rpm \r\n 912f917c8f0d5c8d146d544f9099cc29 2011/SRPMS/hostapd-0.7.3-2.3.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n 4d692e59b6e55c1cc9292315fcc0570a 2011/x86_64/hostapd-0.7.3-2.3-mdv2011.0.x86_64.rpm \r\n 912f917c8f0d5c8d146d544f9099cc29 2011/SRPMS/hostapd-0.7.3-2.3.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFQhOGRmqjQ0CJFipgRAnrmAJ9xUxEo/Letga+CB8FLUkohKRRAnQCfeNqC\r\nbfTTMhF26NCvFgGKgu6nwEQ=\r\n=Cspq\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-10-28T00:00:00", "published": "2012-10-28T00:00:00", "id": "SECURITYVULNS:DOC:28684", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28684", "title": "[ MDVSA-2012:168 ] hostapd", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:49", "bulletinFamily": "software", "cvelist": ["CVE-2012-4445", "CVE-2012-2389"], "description": "Buffer overflow, weak permissions.", "edition": 1, "modified": "2012-10-28T00:00:00", "published": "2012-10-28T00:00:00", "id": "SECURITYVULNS:VULN:12670", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12670", "title": "hostapd security vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}
