FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Insufficient message length validation for EAP-TLS messages

Affected packages
8.3	<=	FreeBSD	<	8.3_5
9.0	<=	FreeBSD	<	9.0_5

Details

VuXML ID	f115f693-36b2-11e2-a633-902b343deec9
Discovery	2012-11-22
Entry	2012-11-24

Problem description:

The internal authentication server of hostapd does not sufficiently validate the message length field of EAP-TLS messages.

[source]

References

CVE Name	CVE-2012-4445
FreeBSD Advisory	SA-12:07.hostapd

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.