OSVDB ID: 86051 Title: hostapd eap_server/eap_server_tls_common.c eap_server_tls_process_fragment() Function TLS Message Fragment Data Parsing Remote Overflow |
Info |
|
|
Dates |
||||
|
|
Description |
hostapd is prone to an overflow condition. The eap_server_tls_process_fragment() function of eap_server/eap_server_tls_common.c fails to properly sanitize user-supplied input during the parsing of fragment data of a TLS message resulting in a buffer overflow. With a specially crafted EAP-TLS message, a remote attacker can potentially execute arbitrary code. |
Classification |
Location:
Remote / Network Access
Attack Type: Input Manipulation Impact: Loss of Integrity Solution: Patch / RCS Exploit: Exploit Unknown Disclosure: Vendor Verified |
Solution |
Currently, there are no known workarounds or upgrades to correct this issue. However, a patch has been committed to the CVS/GIT repository that addresses this vulnerability. Until it is incorporated into the next release of the software, manually patching an existing installation is the only known available solution. Check the vendor advisory or solution URL in the references section. |
Products |
|
References |
|
Credit |
Unknown or Incomplete |