Bug 859918 (CVE-2012-4445)

Summary: CVE-2012-4445 hostapd, wpa_supplicant: DoS (abort) by processing certain fragmented EAP-TLS messages
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: linville, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-10-31 10:25:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 864051, 864596    
Bug Blocks: 859922, 864602    
Attachments:
Description Flags
Proposed eap_server_tls_process_fragment() patch by Jouni Malinen from the hostapd project none

Description Jan Lieskovsky 2012-09-24 11:53:14 UTC 
A denial of service flaw was found in the way hostapd, a user space daemon for access point and authentication servers, processed certain fragmented EAP-TLS messages. A remote attacker could send a specially-crafted EAP-TLS message to hostapd that, when processed would lead to hostapd daemon abort.

Acknowledgements:

Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue.
Comment 2 Jan Lieskovsky 2012-09-24 11:55:33 UTC 
This issue affects the versions of the hostapd package, as shipped with Fedora release of 16 and 17.
Comment 3 Jan Lieskovsky 2012-09-24 11:56:17 UTC 
Preliminary embargo date for this issue has been set up to Monday, 8-th October 2012.
Comment 4 Jan Lieskovsky 2012-09-24 11:58:16 UTC 
Created attachment 616508 [details]
Proposed eap_server_tls_process_fragment() patch by Jouni Malinen from the hostapd project
Comment 6 Jan Lieskovsky 2012-09-24 16:06:53 UTC 
The CVE identifier of CVE-2012-4445 has been assigned to this issue.
Comment 7 Tomas Hoger 2012-10-07 18:27:46 UTC 
Upstream commit:
http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de
Comment 8 Jan Lieskovsky 2012-10-08 13:01:16 UTC 
Public now via:
http://www.openwall.com/lists/oss-security/2012/10/08/3
Comment 9 Jan Lieskovsky 2012-10-08 13:02:46 UTC 
Created hostapd tracking bugs for this issue

Affects: fedora-all [bug 864051]
Comment 12 Fedora Update System 2012-10-13 02:59:27 UTC 
hostapd-1.0-3.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 13 Fedora Update System 2012-10-18 00:28:45 UTC 
hostapd-0.7.3-10.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 17 Huzaifa S. Sidhpurwala 2012-10-31 10:18:13 UTC 
Statement:

Not Vulnerable. This issue does not affect the version of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.
Comment 18 Huzaifa S. Sidhpurwala 2012-10-31 10:21:23 UTC 
This issue does not affect the versions of the wpa_supplicant package, as shipped with Fedora release of 16 and 17.