CVE-2012-4445

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2012-4445 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Timo Warns.
The original article can be found at: http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2012-4445

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* hostapd 0.6 through 1.0

Attackers may leverage this issue to crash the application, denying service to legitimate users.

A vulnerability has been reported in hostapd, which can be exploited by malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a boundary error within the "eap_server_tls_process_fragment()" function (eap_server/eap_server_tls_common.c) when handling fragment data within TLS messages. This can be exploited to cause a buffer overflow and crash the service via a specially crafted EAP-TLS message.

Successful exploitation requires that hostapd is configured to use the internal EAP authentication server.

Patch Availability:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de

CVE Information:
CVE-2012-4445

Disclosure Timeline:
Published: Oct 08 2012 12:00AM
Updated: Oct 22 2012 11:30AM

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus