[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

DSA-2557-1 hostapd -- buffer overflow

ID: oval:org.secpod.oval:def:600897Date: (C)2012-10-17   (M)2023-02-20
Class: PATCHFamily: unix




Timo Warns discovered that the internal authentication server of hostapd, a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator, is vulnerable to a buffer overflow when processing fragmented EAP-TLS messages. As a result, an internal overflow checking routine terminates the process. An attacker can abuse this flaw to conduct denial of service attacks via crafted EAP-TLS messages prior to any authentication.

Platform:
Debian 6.0
Product:
hostapd
Reference:
DSA-2557-1
CVE-2012-4445
CVE    1
CVE-2012-4445
CPE    14
cpe:/a:w1.fi:hostapd:0.6.7
cpe:/a:w1.fi:hostapd:0.6.6
cpe:/o:debian:debian_linux:6.x
cpe:/a:w1.fi:hostapd:0.6.5
...

© SecPod Technologies