
Bug 437830 (CVE-2012-4445)

Summary: <net-wireless/hostapd-1.0-r4 : EAP-TLS Message Handling Denial of Service Vulnerability (CVE-2012-4445)
Product: Gentoo Security
Component: Vulnerabilities
Status: RESOLVED FIXED
Severity: minor
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Reporter: Agostino Sarubbo <ago>
Assignee: Gentoo Security <security>
CC: gurligebis, zerochaos
URL: https://secunia.com/advisories/50888/
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2012-10-10 12:27:07 UTC
From secunia advisory at $URL:

Description
A vulnerability has been reported in hostapd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a boundary error within the "eap_server_tls_process_fragment()" function (eap_server/eap_server_tls_common.c) when handling fragment data within TLS messages. This can be exploited to cause a buffer overflow and crash the service via a specially crafted EAP-TLS message.

Successful exploitation requires that hostapd is configured to use the internal EAP authentication server.

The vulnerability is reported in versions 0.6 through 1.0.


Solution
Fixed in the GIT repository.
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de
Comment 1 Bjarke Istrup Pedersen (RETIRED) gentoo-dev 2012-10-10 13:14:42 UTC
Patch included in hostapd-1.0-r4 - the rest is up to you :-)
Comment 2 Agostino Sarubbo gentoo-dev 2012-10-10 13:36:08 UTC
(In reply to comment #1)
> Patch included in hostapd-1.0-r4 - the rest is up to you :-)

Thanks.

Arches, please test and mark stable:
=net-wireless/hostapd-1.0-r4
Target KEYWORDS: "amd64 ppc x86"
Comment 3 Bjarke Istrup Pedersen (RETIRED) gentoo-dev 2012-10-10 15:26:08 UTC
Once marked stable, please remove every other version than 1.0-r4.

Thanks
Comment 4 Andreas Schürch gentoo-dev 2012-10-11 14:13:08 UTC
x86 done
Comment 5 Agostino Sarubbo gentoo-dev 2012-10-11 14:23:58 UTC
amd64 stable
Comment 6 Anthony Basile gentoo-dev 2012-10-12 00:53:14 UTC
stable ppc
Comment 7 Agostino Sarubbo gentoo-dev 2012-10-12 06:47:19 UTC
(In reply to comment #3)
> Once marked stable, please remove every other version than 1.0-r4.
> 
> Thanks

Cleanup done, security please vote.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-10-13 20:39:26 UTC
CVE-2012-4445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4445):
  Heap-based buffer overflow in the eap_server_tls_process_fragment function
  in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6
  through 1.0 allows remote attackers to cause a denial of service (crash or
  abort) via a small "TLS Message Length" value in an EAP-TLS message with the
  "More Fragments" flag set.
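
Added illustration (not part of this bug report and not hostapd's code): a simplified C model of fragment reassembly, showing the kind of bounds check whose absence gives the heap overflow described in the CVE text above, where the buffer is sized from a peer-declared length that understates the data that follows. The names `reasm`, `reasm_add` and the `MAX_TLS_MSG` limit are assumptions made for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_TLS_MSG 65536u  /* assumed upper bound on a reassembled message */
/* Simplified reassembly state; hypothetical names, not hostapd's structures. */
struct reasm {
    uint8_t *buf;  /* sized from the peer-declared "TLS Message Length" */
    size_t size;   /* declared total length */
    size_t used;   /* bytes stored so far */
};

static void reasm_free(struct reasm *r)
{
    free(r->buf);
    memset(r, 0, sizeof(*r));
}

/* Append one fragment to a zero-initialised state; returns 0 or -1. */
static int reasm_add(struct reasm *r, size_t declared_len,
                     const uint8_t *frag, size_t frag_len)
{
    if (r->buf == NULL) {  /* first fragment: allocate from declared length */
        if (declared_len == 0 || declared_len > MAX_TLS_MSG)
            return -1;
        r->buf = malloc(declared_len);
        if (r->buf == NULL)
            return -1;
        r->size = declared_len;
    }
    /* Bounds check: without it, the memcpy below writes past the heap
     * buffer whenever the declared length understates the data sent. */
    if (frag_len > r->size - r->used) {
        reasm_free(r);
        return -1;
    }
    memcpy(r->buf + r->used, frag, frag_len);
    r->used += frag_len;
    return 0;
}

int main(void)
{
    /* Constructed input: declared length 8, then two 6-byte fragments. */
    static const uint8_t frag[6] = { 1, 2, 3, 4, 5, 6 };
    struct reasm r = { 0 };
    int ok = reasm_add(&r, 8, frag, 6) == 0 && reasm_add(&r, 0, frag, 6) == -1;
    reasm_free(&r);
    return ok ? 0 : 1;
}
```

The comparison is written as `frag_len > size - used` rather than `used + frag_len > size` so that it cannot wrap around on large lengths.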
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2012-12-16 22:10:33 UTC
Vote: no.
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-16 22:25:38 UTC
GLSA vote: no.

Closing noglsa.