CVE-2014-3686 – hostapd: wpa_cli and hostapd_cli remote command execution issue
https://notcve.org/view.php?id=CVE-2014-3686
wpa_supplicant and hostapd 0.7.2 through 2.2, when running with certain configurations and using wpa_cli or hostapd_cli with action scripts, allow remote attackers to execute arbitrary commands via a crafted frame.

A command injection flaw was found in the way the wpa_cli utility executed action scripts. If wpa_cli was run in daemon mode to execute an action script (specified using the -a command line option), and wpa_supplicant was configured to connect to a P2P group, malicious P2P group parameters could cause wpa_cli to execute arbitrary code.

• http://advisories.mageia.org/MGASA-2014-0429.html
• http://lists.opensuse.org/opensuse-security-announce/2014-11/msg00000.html
• http://lists.opensuse.org/opensuse-updates/2014-10/msg00027.html
• http://lists.opensuse.org/opensuse-updates/2014-10/msg00028.html
• http://rhn.redhat.com/errata/RHSA-2014-1956.html
• http://secunia.com/advisories/60366
• http://secunia.com/advisories/60428
• http://secunia.com/advisories/61271
• http://w1.fi/security/2014-1
• http://www.debian.org/security/2014/

• CWE-20: Improper Input Validation
• CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2012-4445
https://notcve.org/view.php?id=CVE-2012-4445
Heap-based buffer overflow in the eap_server_tls_process_fragment function in eap_server_tls_common.c in the EAP authentication server in hostapd 0.6 through 1.0 allows remote attackers to cause a denial of service (crash or abort) via a small "TLS Message Length" value in an EAP-TLS message with the "More Fragments" flag set.

• http://osvdb.org/86051
• http://secunia.com/advisories/50805
• http://secunia.com/advisories/50888
• http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de
• http://www.debian.org/security/2012/dsa-2557
• http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
• http://www.openwall.com/lists/oss-security/2012/10/08/3
• http://www.pre-cert.de/advisories/PRE-SA-2012

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2012-2389
https://notcve.org/view.php?id=CVE-2012-2389
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.

• http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
• http://www.openwall.com/lists/oss-security/2012/05/23/13
• http://www.openwall.com/lists/oss-security/2012/05/23/3
• http://www.openwall.com/lists/oss-security/2012/05/23/5
• https://bugzilla.novell.com/show_bug.cgi?id=740964
• https://bugzilla.redhat.com/show_bug.cgi?id=824660

• CWE-264: Permissions, Privileges, and Access Controls
CVE-2006-2213
https://notcve.org/view.php?id=CVE-2006-2213
Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame.

• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365897
• http://secunia.com/advisories/19966
• http://secunia.com/advisories/20195
• http://secunia.com/advisories/20265
• http://www.debian.org/security/2006/dsa-1065
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:088
• http://www.osvdb.org/25233
• http://www.securityfocus.com/bid/17846
• http://www.vupen.com/english/advisories/2006/1657
• https://exchange.xforce.ibmcloud.com/vulnerabilities/26239