Mandriva Linux Security Advisory : hostapd (MDVSA-2012:168)

This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Multiple vulnerabilities has been discovered and corrected in
hostapd :

hostapd 0.7.3, and possibly other versions before 1.0, uses 0644
permissions for /etc/hostapd/hostapd.conf, which might allow local
users to obtain sensitive information such as credentials

Heap-based buffer overflow in the eap_server_tls_process_fragment
function in eap_server_tls_common.c in the EAP authentication server
in hostapd 0.6 through 1.0 allows remote attackers to cause a denial
of service (crash or abort) via a small TLS Message Length value in an
EAP-TLS message with the More Fragments flag set (CVE-2012-4445).

The updated packages have been patched to correct these issues.

Solution :

Update the affected hostapd package.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 62659 ()

Bugtraq ID: 54093

CVE ID: CVE-2012-2389

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now