
Bug 437830 (CVE-2012-4445)

Summary: <net-wireless/hostapd-1.0-r4 : EAP-TLS Message Handling Denial of Service Vulnerability (CVE-2012-4445)
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: minor
CC: gurligebis, zerochaos
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-10-10 12:27:07 UTC
From the Secunia advisory at $URL:

A vulnerability has been reported in hostapd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a boundary error within the "eap_server_tls_process_fragment()" function (eap_server/eap_server_tls_common.c) when handling fragment data within TLS messages. This can be exploited to cause a buffer overflow and crash the service via a specially crafted EAP-TLS message.

Successful exploitation requires that hostapd is configured to use the internal EAP authentication server.

The vulnerability is reported in versions 0.6 through 1.0.

Fixed in the GIT repository.;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de
Comment 1 Bjarke Istrup Pedersen (RETIRED) gentoo-dev 2012-10-10 13:14:42 UTC
Patch included in hostapd-1.0-r4 - the rest is up to you :-)
Comment 2 Agostino Sarubbo gentoo-dev 2012-10-10 13:36:08 UTC
(In reply to comment #1)
> Patch included in hostapd-1.0-r4 - the rest is up to you :-)


Arches, please test and mark stable:
Target KEYWORDS: "amd64 ppc x86"
Comment 3 Bjarke Istrup Pedersen (RETIRED) gentoo-dev 2012-10-10 15:26:08 UTC
Once marked stable, please remove every other version than 1.0-r4.

Comment 4 Andreas Schürch gentoo-dev 2012-10-11 14:13:08 UTC
x86 done
Comment 5 Agostino Sarubbo gentoo-dev 2012-10-11 14:23:58 UTC
amd64 stable
Comment 6 Anthony Basile gentoo-dev 2012-10-12 00:53:14 UTC
stable ppc
Comment 7 Agostino Sarubbo gentoo-dev 2012-10-12 06:47:19 UTC
(In reply to comment #3)
> Once marked stable, please remove every other version than 1.0-r4.
> Thanks

Cleanup done, security please vote.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-10-13 20:39:26 UTC
CVE-2012-4445:
  Heap-based buffer overflow in the eap_server_tls_process_fragment function
  in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6
  through 1.0 allows remote attackers to cause a denial of service (crash or
  abort) via a small "TLS Message Length" value in an EAP-TLS message with the
  "More Fragments" flag set.
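
The bounds check this class of bug calls for, as an added example that is not part of the original bug report, not hostapd's code and not the upstream patch. The struct, the function names and the 64 KiB cap are assumptions; the flag values are the EAP-TLS L and M bits.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define EAP_TLS_FLAG_LENGTH 0x80   /* L: TLS Message Length field present */
#define EAP_TLS_FLAG_MORE   0x40   /* M: more fragments follow */
#define MAX_TLS_MSG 65536          /* assumed local policy cap */

/* Hypothetical reassembly state (illustrative names, not hostapd's). */
struct reasm { uint8_t *buf; size_t size, used; };

static void reasm_reset(struct reasm *r) {
    free(r->buf);
    r->buf = NULL; r->size = r->used = 0;
}

/* Returns 1 = message complete, 0 = waiting for more, -1 = rejected. */
static int reasm_add(struct reasm *r, uint8_t flags, uint32_t msg_len,
                     const uint8_t *frag, size_t frag_len) {
    if (r->buf == NULL) {                       /* first fragment */
        size_t want = (flags & EAP_TLS_FLAG_LENGTH) ? msg_len : frag_len;
        if (want == 0 || want > MAX_TLS_MSG) return -1;
        if ((r->buf = malloc(want)) == NULL) return -1;
        r->size = want; r->used = 0;
    }
    /* The check that matters: the buffer was sized from the peer's declared
     * length, so every fragment must fit in what is left of it. */
    if (frag_len > r->size - r->used) {
        reasm_reset(r);
        return -1;
    }
    memcpy(r->buf + r->used, frag, frag_len);
    r->used += frag_len;
    return (flags & EAP_TLS_FLAG_MORE) ? 0 : 1;
}

int main(void) {
    struct reasm r = {0};
    uint8_t frag[16] = {0};                     /* constructed sample data */
    /* Declared length 4, 16 bytes of data, More Fragments set. */
    int rc = reasm_add(&r, EAP_TLS_FLAG_LENGTH | EAP_TLS_FLAG_MORE, 4, frag, 16);
    printf("undersized declared length: %d\n", rc);
    reasm_reset(&r);
    return 0;
}
```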
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2012-12-16 22:10:33 UTC
Vote: no.
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-16 22:25:38 UTC
GLSA vote: no.

Closing noglsa.