[pkg-wpa-devel] Bug#689990: wpa: CVE-2012-4445 denial of service

Stefan Lippers-Hollmann s.L-H at gmx.de
Mon Oct 8 21:36:04 UTC 2012 

Control: tags -1 + pending

Hi

On Monday 08 October 2012, Nico Golde wrote:
> Package: wpa
> Severity: grave
> Tags: security patch
> 
> Hi,
> the following vulnerability was published for hostapd.
> 
> CVE-2012-4445[0]:
> | Timo Warns discovered that the internal authentication server of hostapd,
> | a user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator,
> | is vulnerable to a buffer overflow when processing fragmented EAP-TLS
> | messages.  As a result, an internal overflow checking routine terminates
> | the process.  An attacker can abuse this flaw to conduct denial of service
> | attacks via crafted EAP-TLS messages prior to any authentication.
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> Please also ask for an unblock on -release after fixing this issue so it will
> be picked up for wheezy.
> 
> The patch I used for the DSA: 
> http://people.debian.org/~nion/nmu-diff/hostapd-0.6.10-2_0.6.10-2+squeeze1.patch
> 
> For further information see:
> 
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4445
>     http://security-tracker.debian.org/tracker/CVE-2012-4445

Thanks a lot, I found that one[1] after receiving the ftp-master accept
already, I'll try to contact a potential sponsor for [2] within the 
next few hours.

Regards
	Stefan Lippers-Hollmann

[1]	http://anonscm.debian.org/viewvc/pkg-wpa/wpa/trunk/debian/patches/EAP-TLS-server_fix-TLS-Message-length-validation.patch?view=markup
[2]	http://aptosid.com/slh/wpa/wpa_1.0-3.dsc
	http://aptosid.com/slh/wpa/wpa_1.0-3.debian.tar.gz
	http://aptosid.com/slh/wpa/wpa_1.0.orig.tar.gz
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-wpa-devel/attachments/20121008/8d510d9e/attachment.pgp>

More information about the Pkg-wpa-devel mailing list