Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2557-1
HistoryOct 08, 2012 - 12:00 a.m.

hostapd - denial of service

2012-10-0800:00:00
Google
osv.dev
7

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON

Timo Warns discovered that the internal authentication server of hostapd,
a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator,
is vulnerable to a buffer overflow when processing fragmented EAP-TLS
messages. As a result, an internal overflow checking routine terminates
the process. An attacker can abuse this flaw to conduct denial of service
attacks via crafted EAP-TLS messages prior to any authentication.

For the stable distribution (squeeze), this problem has been fixed in
version 1:0.6.10-2+squeeze1.

For the testing (wheezy) and unstable (sid) distributions, this problem
will be fixed soon.

We recommend that you upgrade your hostapd packages.

CPENameOperatorVersion
hostapdeq1:0.6.10-2

Related

openvas 10
fedora 3
nessus 7
prion 1
securityvulns 5
ubuntucve 1
debian 1
freebsd 1
freebsd_advisory 1
debiancve 1
cve 1
openvas
openvas
Fedora Update for hostapd FEDORA-2012-15759
2012-10-19 00:00:00
Fedora Update for hostapd FEDORA-2012-15748
2012-10-19 00:00:00
FreeBSD Ports: FreeBSD
2012-11-26 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: hostapd-0.7.3-10.fc17
2012-10-18 00:32:53
[SECURITY] Fedora 16 Update: hostapd-0.7.3-10.fc16
2012-10-18 00:28:50
[SECURITY] Fedora 18 Update: hostapd-1.0-3.fc18
2012-10-13 02:59:33
nessus
nessus
Fedora 16 : hostapd-0.7.3-10.fc16 (2012-15748)
2012-10-18 00:00:00
openSUSE Security Update : hostapd (openSUSE-SU-2012:1371-1)
2014-06-13 00:00:00
Debian DSA-2557-1 : hostapd - buffer overflow
2012-10-09 00:00:00
prion
prion
Heap overflow
2012-10-10 18:55:00
securityvulns
securityvulns
[PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation
2012-10-10 00:00:00
hostapd buffer overflow
2012-10-10 00:00:00
[SECURITY] [DSA 2557-1] hostapd security update
2012-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2012-4445
2012-10-10 00:00:00
debian
debian
[SECURITY] [DSA 2557-1] hostapd security update
2012-10-08 08:41:48
freebsd
freebsd
FreeBSD -- Insufficient message length validation for EAP-TLS messages
2012-11-22 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-12:07.hostapd
2012-11-22 00:00:00
debiancve
debiancve
CVE-2012-4445
2012-10-10 18:55:00
cve
cve
CVE-2012-4445
2012-10-10 18:55:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

JSON
Related for OSV:DSA-2557-1
openvas10fedora3nessus7prion1securityvulns5ubuntucve1debian1freebsd1freebsd_advisory1debiancve1cve1