FreeBSD Local Security Checks : FreeBSD Ports: FreeBSD

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.72596

Categoría: FreeBSD Local Security Checks

Título: FreeBSD Ports: FreeBSD

Resumen: The remote host is missing an update to the system; as announced in the referenced advisory.

Descripción: Summary:
The remote host is missing an update to the system
as announced in the referenced advisory.

Vulnerability Insight:
The following package is affected: FreeBSD

CVE-2012-4445
Heap-based buffer overflow in the eap_server_tls_process_fragment
function in eap_server_tls_common.c in the EAP authentication server
in hostapd 0.6 through 1.0 allows remote attackers to cause a denial
of service (crash or abort) via a small 'TLS Message Length' value in
an EAP-TLS message with the 'More Fragments' flag set.

Solution:
Update your system with the appropriate patches or
software upgrades.

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2012-4445
1027808
http://www.securitytracker.com/id?1027808
50805
http://secunia.com/advisories/50805
50888
http://secunia.com/advisories/50888
55826
http://www.securityfocus.com/bid/55826
86051
http://osvdb.org/86051
DSA-2557
http://www.debian.org/security/2012/dsa-2557
FreeBSD-SA-12:07
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
MDVSA-2012:168
http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
[oss-security] 20121008 [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation
http://www.openwall.com/lists/oss-security/2012/10/08/3
hostapd-eaptls-dos(79104)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79104
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de
http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt

Copyright Copyright (C) 2012 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.72596
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: FreeBSD
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: FreeBSD CVE-2012-4445 Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small 'TLS Message Length' value in an EAP-TLS message with the 'More Fragments' flag set. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2012-4445 1027808 http://www.securitytracker.com/id?1027808 50805 http://secunia.com/advisories/50805 50888 http://secunia.com/advisories/50888 55826 http://www.securityfocus.com/bid/55826 86051 http://osvdb.org/86051 DSA-2557 http://www.debian.org/security/2012/dsa-2557 FreeBSD-SA-12:07 http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc MDVSA-2012:168 http://www.mandriva.com/security/advisories?name=MDVSA-2012:168 [oss-security] 20121008 [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation http://www.openwall.com/lists/oss-security/2012/10/08/3 hostapd-eaptls-dos(79104) https://exchange.xforce.ibmcloud.com/vulnerabilities/79104 http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt
Copyright	Copyright (C) 2012 E-Soft Inc.