Bug 437830 (CVE-2012-4445) - <net-wireless/hostapd-1.0-r4 : EAP-TLS Message Handling Denial of Service Vulnerability (CVE-2012-4445)
Status: RESOLVED FIXED
Alias: CVE-2012-4445
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://secunia.com/advisories/50888/
Whiteboard: B3 [noglsa]
Reported: 2012-10-10 12:27 UTC by Agostino Sarubbo
Modified: 2012-12-16 22:25 UTC
Description Agostino Sarubbo gentoo-dev 2012-10-10 12:27:07 UTC
From Secunia advisory at $URL:

Description
A vulnerability has been reported in hostapd, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a boundary error within the "eap_server_tls_process_fragment()" function (eap_server/eap_server_tls_common.c) when handling fragment data within TLS messages. This can be exploited to cause a buffer overflow and crash the service via a specially crafted EAP-TLS message.

Successful exploitation requires that hostapd is configured to use the internal EAP authentication server.

The vulnerability is reported in versions 0.6 through 1.0.


Solution
Fixed in the GIT repository.
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de
Comment 1 Bjarke Istrup Pedersen (RETIRED) gentoo-dev 2012-10-10 13:14:42 UTC
Patch included in hostapd-1.0-r4 - the rest is up to you :-)
Comment 2 Agostino Sarubbo gentoo-dev 2012-10-10 13:36:08 UTC
(In reply to comment #1)
> Patch included in hostapd-1.0-r4 - the rest is up to you :-)

Thanks.

Arches, please test and mark stable:
=net-wireless/hostapd-1.0-r4
Target KEYWORDS: "amd64 ppc x86"
Comment 3 Bjarke Istrup Pedersen (RETIRED) gentoo-dev 2012-10-10 15:26:08 UTC
Once marked stable, please remove every other version than 1.0-r4.

Thanks
Comment 4 Andreas Schürch gentoo-dev 2012-10-11 14:13:08 UTC
x86 done
Comment 5 Agostino Sarubbo gentoo-dev 2012-10-11 14:23:58 UTC
amd64 stable
Comment 6 Anthony Basile gentoo-dev 2012-10-12 00:53:14 UTC
stable ppc
Comment 7 Agostino Sarubbo gentoo-dev 2012-10-12 06:47:19 UTC
(In reply to comment #3)
> Once marked stable, please remove every other version than 1.0-r4.
> 
> Thanks

Cleanup done, security please vote.
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2012-10-13 20:39:26 UTC
CVE-2012-4445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4445):
  Heap-based buffer overflow in the eap_server_tls_process_fragment function
  in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6
  through 1.0 allows remote attackers to cause a denial of service (crash or
  abort) via a small "TLS Message Length" value in an EAP-TLS message with the
  "More Fragments" flag set.
Comment 9 Stefan Behte (RETIRED) gentoo-dev Security 2012-12-16 22:10:33 UTC
Vote: no.
Comment 10 Sean Amoss (RETIRED) gentoo-dev Security 2012-12-16 22:25:38 UTC
GLSA vote: no.

Closing noglsa.
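
The bounds check that the CVE text in comment 8 points to, as an added example that is not part of this bug report and is not hostapd's code or the upstream patch: a reassembly buffer sized from the peer-declared total length, where every fragment is checked against the remaining room before it is copied. The `reasm` struct, the function names and the 65536-byte cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical reassembly state for this example; not hostapd's structures. */
struct reasm {
    uint8_t *buf;  /* sized from the peer-declared total message length */
    size_t size;   /* declared total length */
    size_t used;   /* bytes copied in so far */
};

enum { FRAG_ERR = -1, FRAG_OK = 0, FRAG_DONE = 1 };

/* First fragment: allocate once from the declared length, with a cap. */
int reasm_start(struct reasm *r, size_t declared_len, size_t max_len)
{
    memset(r, 0, sizeof(*r));
    if (declared_len == 0 || declared_len > max_len)
        return FRAG_ERR;
    r->buf = malloc(declared_len);
    if (r->buf == NULL)
        return FRAG_ERR;
    r->size = declared_len;
    return FRAG_OK;
}

/* Every fragment: compare its length with the remaining room before copying. */
int reasm_add(struct reasm *r, const uint8_t *frag, size_t len, int more)
{
    if (r->buf == NULL || len > r->size - r->used) {
        free(r->buf);              /* fragment exceeds declared length: drop */
        memset(r, 0, sizeof(*r));
        return FRAG_ERR;
    }
    memcpy(r->buf + r->used, frag, len);
    r->used += len;
    return more ? FRAG_OK : FRAG_DONE;
}

int main(void)
{
    /* Constructed input: declared length 4, but 8 bytes of fragment data. */
    const uint8_t frag[8] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    struct reasm r;
    return (reasm_start(&r, 4, 65536) == FRAG_OK &&
            reasm_add(&r, frag, sizeof(frag), 1) == FRAG_ERR) ? 0 : 1;
}
```

Without the `len > r->size - r->used` comparison, the `memcpy` would write past a buffer whose size the peer chose, which is the heap overflow condition the CVE entry describes.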