Bug 7746 - hostapd new security issue CVE-2012-4445
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal Severity: major
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/518914/
Whiteboard: MGA2-32-OK, MGA2-64-OK, MGA1-32-OK, M...
Keywords: validated_update

Reported: 2012-10-09 13:27 CEST by David Walser
Modified: 2012-10-15 11:21 CEST
Source RPM: hostapd-0.7.3-4.mga2.src.rpm

Description David Walser 2012-10-09 13:27:57 CEST
Debian has issued an advisory on October 8:
http://www.debian.org/security/2012/dsa-2557

The Red Hat bug has more details and a link to the fix:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4445

Mageia 1 and Mageia 2 are also likely to be affected.

Comment 1 David Walser 2012-10-09 14:42:39 CEST
Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron.

This also fixes a minor permissions issue, CVE-2012-2389.

Advisory:
========================

Updated hostapd package fixes security vulnerabilities:

hostapd 0.7.3, and possibly other versions before 1.0, uses 0644
permissions for /etc/hostapd/hostapd.conf, which might allow local users
to obtain sensitive information such as credentials (CVE-2012-2389).

Timo Warns discovered that the internal authentication server of hostapd,
a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator,
is vulnerable to a buffer overflow when processing fragmented EAP-TLS
messages.  As a result, an internal overflow checking routine terminates
the process.  An attacker can abuse this flaw to conduct denial of
service attacks via crafted EAP-TLS messages prior to any authentication
(CVE-2012-4445).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082475.html
http://www.debian.org/security/2012/dsa-2557
========================

Updated packages in core/updates_testing:
========================
hostapd-0.7.3-2.1.mga1
hostapd-0.7.3-4.1.mga2

from SRPMS:
hostapd-0.7.3-2.1.mga1.src.rpm
hostapd-0.7.3-4.1.mga2.src.rpm
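
Added example, not part of the bug report and not hostapd's code: a C reassembly routine showing the bounds check that fragmented EAP-TLS processing needs, so that a fragment larger than the space left for the declared message is rejected as a protocol error instead of reaching the buffer. The flag values follow RFC 5216; `struct reasm`, `reasm_feed`, `reasm_reset` and `MAX_TLS_MSG` are hypothetical names chosen for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define EAP_TLS_FLAG_LENGTH 0x80 /* L: 4-byte TLS Message Length follows (RFC 5216) */
#define EAP_TLS_FLAG_MORE   0x40 /* M: more fragments follow */
#define MAX_TLS_MSG 65536        /* assumed local cap on the declared length */

enum { REASM_ERROR = -1, REASM_MORE = 0, REASM_DONE = 1 };
struct reasm { uint8_t *buf; size_t size, used; }; /* hypothetical state */

void reasm_reset(struct reasm *r)
{
    free(r->buf);
    memset(r, 0, sizeof *r);
}

/* Feed one EAP-TLS payload, starting at the flags byte. */
int reasm_feed(struct reasm *r, const uint8_t *p, size_t len)
{
    uint8_t flags;
    size_t total;

    if (len < 1) goto fail;
    flags = *p++; len--;
    total = len; /* an unfragmented message is exactly its payload */
    if (flags & EAP_TLS_FLAG_LENGTH) {
        if (len < 4) goto fail;
        total = (size_t)p[0] << 24 | (size_t)p[1] << 16 | (size_t)p[2] << 8 | p[3];
        p += 4; len -= 4;
    } else if (!r->buf && (flags & EAP_TLS_FLAG_MORE)) {
        goto fail; /* a first fragment must declare the total length */
    }
    if (!r->buf) { /* start of a message: size the buffer once */
        if (total > MAX_TLS_MSG) goto fail;
        if (!(r->buf = malloc(total ? total : 1))) goto fail;
        r->size = total;
    }
    if (len > r->size - r->used) goto fail; /* fragment must fit what is left */
    memcpy(r->buf + r->used, p, len);
    r->used += len;
    if (flags & EAP_TLS_FLAG_MORE) return REASM_MORE;
    if (r->used == r->size) return REASM_DONE; /* caller consumes, then resets */
fail:
    reasm_reset(r); /* drop partial state instead of aborting the process */
    return REASM_ERROR;
}
```

Because the failure path only discards the partial message and returns an error, a malformed fragment costs one session rather than the whole authenticator process.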

Comment 2 Marc Lattemann 2012-10-10 14:26:07 CEST
Permission of hostapd.conf changed from 644 to 600. Tested successfully on mga1 and mga2 (both i586 and x86_64).

Updates validated. Please see advisory and SRCRPM in Comment #1.

Could someone from the sysadmin team push it to Core-Updates? Thanks.

Comment 3 Thomas Backlund 2012-10-11 09:49:19 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0291

Comment 4 Oden Eriksson 2012-10-15 09:56:48 CEST
This affects wpa_supplicant as well. Same fix applies.

Hey, there's quite a nifty way with mdv/mga to find possibly affected code. Activate main and updates debug packages then just do "urpmf eap_server_tls_common.c".

Cheers.

Comment 5 Oden Eriksson 2012-10-15 11:21:38 CEST
Whoops. The affected code is not used. Sorry.
