hostapd Invalid EAPOL Key Length Remote Denial Of Service Vulnerability
BID:17846
Info
| Bugtraq ID: | 17846 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | CVE-2006-2213 |
| Remote: | Yes |
| Local: | No |
| Published: | May 04 2006 12:00AM |
| Updated: | Nov 30 2006 09:39PM |
| Credit: | The vendor originally discovered this issue. Matteo Rosi reported this issue to Debian. |
| Vulnerable: | Mandriva Linux Mandrake 2006.0 x86_64; Mandriva Linux Mandrake 2006.0; Mandriva Linux Mandrake 10.2 x86_64; Mandriva Linux Mandrake 10.2; hostapd hostapd 0.3.7; Debian Linux 3.1 sparc; Debian Linux 3.1 s/390; Debian Linux 3.1 ppc; Debian Linux 3.1 mipsel; Debian Linux 3.1 mips; Debian Linux 3.1 m68k; Debian Linux 3.1 ia-64; Debian Linux 3.1 ia-32; Debian Linux 3.1 hppa; Debian Linux 3.1 arm; Debian Linux 3.1 amd64; Debian Linux 3.1 alpha; Debian Linux 3.1 |
| Not Vulnerable: | hostapd hostapd 0.3.9 |
Discussion
The hostapd application is affected by a remote denial-of-service vulnerability. This issue is due to the application's failure to properly handle malformed EAPOL-Key packets.
This issue allows remote attackers to crash affected applications, denying further network service to legitimate users.
Version 0.3.7 of hostapd is vulnerable to this issue; previous versions may also be affected.
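The kind of check a receiver needs to reject such malformed frames, as an added example (not hostapd's own code, which this page does not show): each length field in an EAPOL-Key frame, such as Key Data Length, is validated against the bytes actually received before the key data is used. The field layout follows IEEE 802.1X/802.11i; every function, constant and enum name below is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Field layout per IEEE 802.1X / 802.11i. All names are hypothetical,
 * chosen for this example; they are not hostapd identifiers. */
#define EAPOL_HDR_LEN    4u   /* version(1) type(1) body length(2) */
#define EAPOL_TYPE_KEY   3
#define KEY_FIXED_LEN    95u  /* descriptor type .. key data length */
#define KEY_DATA_LEN_OFF 93u  /* key data length offset in the body */

enum eapol_verdict { EAPOL_OK, EAPOL_TRUNCATED, EAPOL_NOT_KEY,
                     EAPOL_BAD_BODY_LEN, EAPOL_BAD_KEY_DATA_LEN };

static size_t be16(const uint8_t *p) { return ((size_t)p[0] << 8) | p[1]; }

/* Check each length field against the bytes received before key data is
 * touched. On EAPOL_OK, *kd / *kd_len lie entirely inside buf[0..len). */
enum eapol_verdict eapol_key_check(const uint8_t *buf, size_t len,
                                   const uint8_t **kd, size_t *kd_len)
{
    if (len < EAPOL_HDR_LEN)
        return EAPOL_TRUNCATED;
    if (buf[1] != EAPOL_TYPE_KEY)
        return EAPOL_NOT_KEY;
    size_t body_len = be16(buf + 2);
    if (body_len > len - EAPOL_HDR_LEN)  /* claims more than arrived */
        return EAPOL_BAD_BODY_LEN;
    if (body_len < KEY_FIXED_LEN)        /* fixed fields do not fit */
        return EAPOL_TRUNCATED;

    const uint8_t *body = buf + EAPOL_HDR_LEN;
    size_t claimed = be16(body + KEY_DATA_LEN_OFF);
    if (claimed > body_len - KEY_FIXED_LEN)  /* sender-controlled value */
        return EAPOL_BAD_KEY_DATA_LEN;
    *kd = body + KEY_FIXED_LEN;
    *kd_len = claimed;
    return EAPOL_OK;
}

/* Constructed frame: 8 bytes follow the fixed fields but the frame claims
 * 0xffff bytes of key data. Exit status 0 means it was rejected. */
int main(void)
{
    uint8_t f[EAPOL_HDR_LEN + KEY_FIXED_LEN + 8] = {0};
    const uint8_t *kd; size_t kd_len;
    f[1] = EAPOL_TYPE_KEY; f[3] = KEY_FIXED_LEN + 8;
    f[EAPOL_HDR_LEN + KEY_DATA_LEN_OFF] = f[EAPOL_HDR_LEN + KEY_DATA_LEN_OFF + 1] = 0xff;
    return eapol_key_check(f, sizeof f, &kd, &kd_len) != EAPOL_BAD_KEY_DATA_LEN;
}
```

The subtractions cannot underflow because each is guarded by the comparison before it, so the checks stay correct for any `len`.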
Exploit / POC
This issue can be exploited via existing wireless-networking utilities.
Solution / Fix
Solution:
The vendor has released version 0.3.8 to address this issue.
Please see the referenced vendor advisories for more information.
hostapd hostapd 0.3.7
- Debian hostapd_0.3.7-2sarge1_alpha.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_alpha.deb
- Debian hostapd_0.3.7-2sarge1_amd64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_amd64.deb
- Debian hostapd_0.3.7-2sarge1_arm.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_arm.deb
- Debian hostapd_0.3.7-2sarge1_hppa.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_hppa.deb
- Debian hostapd_0.3.7-2sarge1_i386.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_i386.deb
- Debian hostapd_0.3.7-2sarge1_ia64.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_ia64.deb
- Debian hostapd_0.3.7-2sarge1_m68k.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_m68k.deb
- Debian hostapd_0.3.7-2sarge1_mips.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_mips.deb
- Debian hostapd_0.3.7-2sarge1_mipsel.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_mipsel.deb
- Debian hostapd_0.3.7-2sarge1_powerpc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_powerpc.deb
- Debian hostapd_0.3.7-2sarge1_s390.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_s390.deb
- Debian hostapd_0.3.7-2sarge1_sparc.deb
  Debian GNU/Linux 3.1 alias sarge
  http://security.debian.org/pool/updates/main/h/hostapd/hostapd_0.3.7-2sarge1_sparc.deb
- hostapd hostapd-0.3.9.tar.gz
  http://hostap.epitest.fi/releases/hostapd-0.3.9.tar.gz
- Mandriva hostapd-0.3.7-2.1.102dk.i586.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/
- Mandriva hostapd-0.3.7-2.1.102dk.x86_64.rpm
  Mandriva Linux 10.2:
  http://wwwnew.mandriva.com/en/downloads/
- Mandriva hostapd-0.3.7-2.1.20060mdk.i586.rpm
  Mandriva Linux 2006.0:
  http://wwwnew.mandriva.com/en/downloads/
- Mandriva hostapd-0.3.7-2.1.20060mdk.x86_64.rpm
  Mandriva Linux 2006.0:
  http://wwwnew.mandriva.com/en/downloads/
References
References:
- Debian Bug report logs - #365897 (Debian)
- Diff for /hostap/hostapd/wpa.c between version 1.71 and 1.72 (hostapd)
- hostapd Home Page (hostapd)