FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Insufficient message length validation for EAP-TLS messages

Affected packages
8.3 <= FreeBSD < 8.3_5
9.0 <= FreeBSD < 9.0_5

Details

VuXML ID: f115f693-36b2-11e2-a633-902b343deec9
Discovery: 2012-11-22
Entry: 2012-11-24

Problem description:

The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages.

References

CVE Name: CVE-2012-4445
FreeBSD Advisory: SA-12:07.hostapd