Executive Summary
| Summary | |
|---|---|
| Title | New hostapd packages fix denial of service |
| Informations | |||
|---|---|---|---|
| Name | DSA-1065 | First vendor Publication | 2006-05-19 |
| Vendor | Debian | Last vendor Modification | 2006-05-19 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:N/A:P) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Matteo Rosi and Leonardo Maccari discovered that hostapd, a wifi network authenticator daemon, performs insufficient boundary checks on a key length value, which might be exploited to crash the service. The old stable distribution (woody) does not contain hostapd packages. For the stable distribution (sarge) this problem has been fixed in version 0.3.7-2sarge1. For the unstable distribution (sid) this problem has been fixed in version 0.5-1. We recommend that you upgrade your hostapd package. |
Original Source
| Url : http://www.debian.org/security/2006/dsa-1065 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-01-17 | Name : Debian Security Advisory DSA 1065-1 (hostapd) File : nvt/deb_1065_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 25233 | Hostapd EAPoL Frame Handling Remote DoS Hostapd contains a flaw that may allow a remote denial of service. An attacker can send a specially crafted EAPoL frame with an overly large value in the length field, resulting in loss of availability for the service. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1065.nasl - Type : ACT_GATHER_INFO |
| 2006-05-27 | Name : The remote Mandrake Linux host is missing a security update. File : mandrake_MDKSA-2006-088.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:25:48 |
|
