Test ID:	1.3.6.1.4.1.25623.1.0.72530
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2012:168 (hostapd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to hostapd announced via advisory MDVSA-2012:168. Multiple vulnerabilities has been discovered and corrected in hostapd: hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials (CVE-2012-2389). Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small TLS Message Length value in an EAP-TLS message with the More Fragments flag set (CVE-2012-4445). The updated packages have been patched to correct these issues. Affected: 2011. Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2012:168 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2012-2389 FEDORA-2012-8611 http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html MDVSA-2012:168 http://www.mandriva.com/security/advisories?name=MDVSA-2012:168 [oss-security] 20120523 CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials http://www.openwall.com/lists/oss-security/2012/05/23/3 [oss-security] 20120523 Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials http://www.openwall.com/lists/oss-security/2012/05/23/13 http://www.openwall.com/lists/oss-security/2012/05/23/5 https://bugzilla.novell.com/show_bug.cgi?id=740964 https://bugzilla.redhat.com/show_bug.cgi?id=824660 Common Vulnerability Exposure (CVE) ID: CVE-2012-4445 1027808 http://www.securitytracker.com/id?1027808 50805 http://secunia.com/advisories/50805 50888 http://secunia.com/advisories/50888 55826 http://www.securityfocus.com/bid/55826 86051 http://osvdb.org/86051 DSA-2557 http://www.debian.org/security/2012/dsa-2557 FreeBSD-SA-12:07 http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc [oss-security] 20121008 [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation http://www.openwall.com/lists/oss-security/2012/10/08/3 hostapd-eaptls-dos(79104) https://exchange.xforce.ibmcloud.com/vulnerabilities/79104 http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt
Copyright	Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.