This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Multiple vulnerabilities has been discovered and corrected in
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644
permissions for /etc/hostapd/hostapd.conf, which might allow local
users to obtain sensitive information such as credentials
Heap-based buffer overflow in the eap_server_tls_process_fragment
function in eap_server_tls_common.c in the EAP authentication server
in hostapd 0.6 through 1.0 allows remote attackers to cause a denial
of service (crash or abort) via a small TLS Message Length value in an
EAP-TLS message with the More Fragments flag set (CVE-2012-4445).
The updated packages have been patched to correct these issues.
Update the affected hostapd package.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true