CVE-2012-2389

low
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html

http://www.mandriva.com/security/advisories?name=MDVSA-2012:168

http://www.openwall.com/lists/oss-security/2012/05/23/13

http://www.openwall.com/lists/oss-security/2012/05/23/3

http://www.openwall.com/lists/oss-security/2012/05/23/5

https://bugzilla.novell.com/show_bug.cgi?id=740964

https://bugzilla.redhat.com/show_bug.cgi?id=824660

Details

Source: MITRE

Published: 2012-06-21

Updated: 2013-04-19

Type: CWE-264

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:w1.fi:hostapd:0.7.3:*:*:*:*:*:*:*

Tenable Plugins

View all (4 total)

IDNameProductFamilySeverity
62659Mandriva Linux Security Advisory : hostapd (MDVSA-2012:168)NessusMandriva Local Security Checks
medium
59582Fedora 16 : hostapd-0.7.3-9.fc16 (2012-9206)NessusFedora Local Security Checks
low
59581Fedora 17 : hostapd-0.7.3-9.fc17 (2012-9137)NessusFedora Local Security Checks
low
59421Fedora 15 : hostapd-0.7.3-2.1.fc15 (2012-8611)NessusFedora Local Security Checks
low