
Test ID: 1.3.6.1.4.1.25623.1.0.72530
Category: Mandrake Local Security Checks
Title: Mandriva Security Advisory MDVSA-2012:168 (hostapd)
Summary: NOSUMMARY
Description:
The remote host is missing an update to hostapd
announced via advisory MDVSA-2012:168.

Multiple vulnerabilities have been discovered and corrected in hostapd:

hostapd 0.7.3, and possibly other versions before 1.0, uses 0644
permissions for /etc/hostapd/hostapd.conf, which might allow
local users to obtain sensitive information such as credentials
(CVE-2012-2389).

Heap-based buffer overflow in the eap_server_tls_process_fragment
function in eap_server_tls_common.c in the EAP authentication server
in hostapd 0.6 through 1.0 allows remote attackers to cause a denial
of service (crash or abort) via a small TLS Message Length value in
an EAP-TLS message with the More Fragments flag set (CVE-2012-4445).

The updated packages have been patched to correct these issues.

Affected: 2011.

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2012:168

Risk factor : High

Cross-Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2012-2389
FEDORA-2012-8611
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html
MDVSA-2012:168
http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
[oss-security] 20120523 CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
http://www.openwall.com/lists/oss-security/2012/05/23/3
[oss-security] 20120523 Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials
http://www.openwall.com/lists/oss-security/2012/05/23/13
http://www.openwall.com/lists/oss-security/2012/05/23/5
https://bugzilla.novell.com/show_bug.cgi?id=740964
https://bugzilla.redhat.com/show_bug.cgi?id=824660
Common Vulnerability Exposure (CVE) ID: CVE-2012-4445
1027808
http://www.securitytracker.com/id?1027808
50805
http://secunia.com/advisories/50805
50888
http://secunia.com/advisories/50888
55826
http://www.securityfocus.com/bid/55826
86051
http://osvdb.org/86051
DSA-2557
http://www.debian.org/security/2012/dsa-2557
FreeBSD-SA-12:07
http://www.freebsd.org/security/advisories/FreeBSD-SA-12:07.hostapd.asc
[oss-security] 20121008 [PRE-SA-2012-07] hostapd: Missing EAP-TLS message length validation
http://www.openwall.com/lists/oss-security/2012/10/08/3
hostapd-eaptls-dos(79104)
https://exchange.xforce.ibmcloud.com/vulnerabilities/79104
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git%3Ba=commitdiff%3Bh=586c446e0ff42ae00315b014924ec669023bd8de
http://www.pre-cert.de/advisories/PRE-SA-2012-07.txt
Copyright: Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com
