Mageia Bugzilla – Bug 7746
hostapd new security issue CVE-2012-4445
Last modified: 2012-10-15 11:21:38 CEST
Debian has issued an advisory on October 8:
The RedHat bug has more details and a link to the fix:
Mageia 1 and Mageia 2 are also likely to be affected.
Patched packages uploaded for Mageia 1, Mageia 2, and Cauldron.
This also fixes a minor permissions issue, CVE-2012-2389.
Updated hostapd package fixes security vulnerabilities:
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644
permissions for /etc/hostapd/hostapd.conf, which might allow local users
to obtain sensitive information such as credentials (CVE-2012-2389).
Timo Warns discovered that the internal authentication server of hostapd,
a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator,
is vulnerable to a buffer overflow when processing fragmented EAP-TLS
messages. As a result, an internal overflow checking routine terminates
the process. An attacker can abuse this flaw to conduct denial of
service attacks via crafted EAP-TLS messages prior to any authentication
Updated packages in core/updates_testing:
permission of hostapd.conf changed from 644 to 600. Tests successfully on mga1 and mga2 (both i586 and x86_64).
Updates validated. Please see advisory and SRCRPM in Comment #1
Could someone of the sysadmin team push it to Core-Updates? Thanks.
This affects wpa_supplicant as well. Same fix applies.
Hey, there's a quite nifty way with mdv/mga to find possible affected code. Activate main and updates debug packages then just do "urpmf eap_server_tls_common.c".
Whoops. The affected code is not used. Sorry.