A denial of service flaw was found in the way hostapd, a user space daemon for access point and authentication servers, processed certain fragmented EAP-TLS messages. A remote attacker could send a specially-crafted EAP-TLS message to hostapd that, when processed would lead to hostapd daemon abort. Acknowledgements: Red Hat would like to thank Timo Warns of PRESENSE Technologies GmbH for reporting this issue.
This issue affects the versions of the hostapd package, as shipped with Fedora release of 16 and 17.
Preliminary embargo date for this issue has been set up to Monday, 8-th October 2012.
Created attachment 616508 [details] Proposed eap_server_tls_process_fragment() patch by Jouni Malinen from the hostapd project
The CVE identifier of CVE-2012-4445 has been assigned to this issue.
Upstream commit: http://w1.fi/gitweb/gitweb.cgi?p=hostap.git;a=commitdiff;h=586c446e0ff42ae00315b014924ec669023bd8de
Public now via: http://www.openwall.com/lists/oss-security/2012/10/08/3
Created hostapd tracking bugs for this issue Affects: fedora-all [bug 864051]
hostapd-1.0-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
hostapd-0.7.3-10.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
Statement: Not Vulnerable. This issue does not affect the version of wpa_supplicant as shipped with Red Hat Enterprise Linux 5 and 6.
This issue does not affect the versions of the wpa_supplicant package, as shipped with Fedora release of 16 and 17.