MDVSA-2012:168 -- Mandriva hostapdID: oval:org.secpod.oval:def:302976 | Date: (C)2012-11-06 (M)2023-02-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities has been discovered and corrected in hostapd: hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials . Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service via a small TLS Message Length value in an EAP-TLS message with the More Fragments flag set . The updated packages have been patched to correct these issues.
Platform: |
Mandriva Linux 2011.0 |