Hostapd ‘hostapd.conf’ Configuration File Insecure File Permissions Vulnerability

Summary

hostapd is prone to an insecure file-permission vulnerability.

Credit:

The original article can be found at: https://bugzilla.novell.com/show_bug.cgi?id=740964


Details

Vulnerable Systems:
 * Red Hat Fedora 17
 * Red Hat Fedora 16
 * Mandriva Linux Mandrake 2011 x86_64
 * Mandriva Linux Mandrake 2011

A local attacker can exploit this issue to obtain potentially sensitive information such as credentials for PSKs and shared radius secrets. Information obtained may aid in further attacks.

CVE Information:
CVE-2012-2389

Disclosure Timeline:
Published: May 23 2012 12:00AM
Updated: Oct 22 2012 11:30AM

Categories: News