Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-2389

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2012-2389
Last Modified 18 Apr 2013 11:21:41
Published 21 Jun 2012 11:55:12
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2012-2389

Summary

hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.

Vulnerable Systems

Application

  • Hostapd 0.2.0

  • Hostapd 0.2.1

  • Hostapd 0.2.2

  • Hostapd 0.2.4

  • Hostapd 0.3.0

  • Hostapd 0.3.1

  • Hostapd 0.3.2

  • Hostapd 0.3.3

  • Hostapd 0.3.4

  • Hostapd 0.3.5

  • Hostapd 0.3.7

  • Hostapd 0.4.0

  • Hostapd 0.4.1

  • Hostapd 0.4.2

  • Hostapd 0.4.3

  • Hostapd 0.4.4

  • Hostapd 0.4.5

  • Hostapd 0.4.6

  • Hostapd 0.4.7

  • W1.fi Hostapd 0.5.0

  • W1.fi Hostapd 0.5.1

  • W1.fi Hostapd 0.5.2

  • W1.fi Hostapd 0.5.3

  • W1.fi Hostapd 0.5.4

  • W1.fi Hostapd 0.5.5

  • W1.fi Hostapd 0.5.6

  • W1.fi Hostapd 0.6.0

  • W1.fi Hostapd 0.6.1

  • W1.fi Hostapd 0.6.2

  • W1.fi Hostapd 0.6.3

  • W1.fi Hostapd 0.6.4

  • W1.fi Hostapd 0.6.5

  • W1.fi Hostapd 0.6.6

  • W1.fi Hostapd 0.6.7

  • W1.fi Hostapd 0.7.0

  • W1.fi Hostapd 0.7.1

  • W1.fi Hostapd 0.7.2

  • W1.fi Hostapd 0.7.3


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=824660

MISC - https://bugzilla.novell.com/show_bug.cgi?id=740964

MLIST - [oss-security] 20120523 Re: CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials

MLIST - [oss-security] 20120523 CVE request(?): hostapd: improper file permissions of hostapd's config leaks credentials

FEDORA - FEDORA-2012-8611

MANDRIVA - MDVSA-2012:168


Last Updated: 27 May 2016 10:56:34