Info

Disclosure

May 03, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Hostapd contains a flaw that may allow a remote denial of service. An attacker can send a specially crafted EAPoL frame with an overly large value in the length field, resulting in loss of availability for the service.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to version 0.3.9 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Jouni Malinen

hostapd

0.3.7

References

Bugtraq ID: 17846
Secunia Advisory ID: 19966 20195 20265
CVE ID: 2006-2213 (see also: NVD)
VUPEN Advisory: ADV-2006-1657
Vendor Specific News/Changelog Entry: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365897
Vendor URL: http://hostap.epitest.fi/hostapd/
Vendor Specific Advisory URL: http://www.mandriva.com/security/advisories?name=MDKSA-2006:088
http://www.us.debian.org/security/2006/dsa-1065

Credit

Matteo Rosi - rosilart.det.unifi.it -

Direct URL: http://osvdb.org/25233