
CVSS: 4.3 • EPSS: 8% • CPEs: 13 • EXPL: 0

Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.

References:
http://osvdb.org/86051
http://secunia.com/advisories/50805
http://secunia.com/advisories/50888
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de
http://www.debian.org/security/2012/dsa-2557
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
http://www.openwall.com/lists/oss-security/2012/10/08/3
http://www.pre-cert.de/advisories/PRE-SA-2012&#

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVSS: 2.1 • EPSS: 0% • CPEs: 1 • EXPL: 0

hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.

References:
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
http://www.openwall.com/lists/oss-security/2012/05/23/13
http://www.openwall.com/lists/oss-security/2012/05/23/3
http://www.openwall.com/lists/oss-security/2012/05/23/5
https://bugzilla.novell.com/show_bug.cgi?id=740964
https://bugzilla.redhat.com/show_bug.cgi?id=824660

CWE-264: Permissions, Privileges, and Access Controls

CVSS: 5.0 • EPSS: 9% • CPEs: 1 • EXPL: 0

Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.

References:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365897
http://secunia.com/advisories/19966
http://secunia.com/advisories/20195
http://secunia.com/advisories/20265
http://www.debian.org/security/2006/dsa-1065
http://www.mandriva.com/security/advisories?name=MDKSA-2006:088
http://www.osvdb.org/25233
http://www.securityfocus.com/bid/17846
http://www.vupen.com/english/advisories/2006/1657
https://exchange.xforce.ibmcloud.com/vulnerabilities/26239