CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P

Timo Warns discovered that the internal authentication server of hostapd,
a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator,
is vulnerable to a buffer overflow when processing fragmented EAP-TLS
messages. As a result, an internal overflow checking routine terminates
the process. An attacker can abuse this flaw to conduct denial of service
attacks via crafted EAP-TLS messages prior to any authentication.

For the stable distribution (squeeze), this problem has been fixed in
version 1:0.6.10-2+squeeze1.

For the testing (wheezy) and unstable (sid) distributions, this problem
will be fixed soon.

We recommend that you upgrade your hostapd packages.
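
As an added illustration (not hostapd's code and not part of the advisory), the routine below reassembles fragmented EAP-TLS data with explicit bounds checks and handles an inconsistent fragment by dropping that session's state instead of terminating the process. The L and M flag bits follow RFC 5216; `struct reasm`, `reasm_feed`, `reasm_reset` and the 64 KiB cap are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FLAG_LENGTH 0x80   /* L bit: 4-octet TLS Message Length follows (RFC 5216) */
#define FLAG_MORE   0x40   /* M bit: more fragments follow */
#define MAX_TLS_MSG 65536u /* assumed local cap on one reassembled message */

enum { FRAG_ERR = -1, FRAG_MORE = 0, FRAG_DONE = 1 };
struct reasm { uint8_t *buf; size_t total, used; }; /* zero-initialise per session */

void reasm_reset(struct reasm *r) { free(r->buf); memset(r, 0, sizeof(*r)); }

/* Feed the EAP-TLS data of one packet, starting at the Flags octet.
 * On any inconsistency only this session's state is dropped and FRAG_ERR
 * is returned; the process is never aborted. */
int reasm_feed(struct reasm *r, const uint8_t *p, size_t len)
{
    uint8_t flags;
    size_t declared = 0;

    if (len < 1) goto fail;
    flags = *p++; len--;
    if (flags & FLAG_LENGTH) {                 /* parse the declared total length */
        if (len < 4) goto fail;
        declared = ((size_t)p[0] << 24) | ((size_t)p[1] << 16) |
                   ((size_t)p[2] << 8) | p[3];
        p += 4; len -= 4;
    }
    if (r->buf == NULL) {                      /* first (or only) fragment */
        if (!(flags & FLAG_LENGTH)) {
            if (flags & FLAG_MORE) goto fail;  /* fragmented but no length given */
            declared = len;                    /* unfragmented message */
        }
        if (declared == 0 || declared > MAX_TLS_MSG) goto fail;
        if ((r->buf = malloc(declared)) == NULL) goto fail;
        r->total = declared;
    } else if ((flags & FLAG_LENGTH) && declared != r->total) {
        goto fail;                             /* length changed mid-message */
    }
    if (len > r->total - r->used) goto fail;   /* fragment would overrun the buffer */
    memcpy(r->buf + r->used, p, len);
    r->used += len;
    if (flags & FLAG_MORE) return FRAG_MORE;
    if (r->used == r->total) return FRAG_DONE; /* caller consumes buf, then resets */
fail:                                          /* also reached on a short final fragment */
    reasm_reset(r);
    return FRAG_ERR;
}
```
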
| CPE | Name | Operator | Version |
|---|---|---|---|
| | hostapd | eq | 1:0.6.10-2 |