CVE-2012-2389
published 2012-06-21
CVE-2012-2389: hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive…
Priority P4 · 4 · low · 2.1 · CVSS 2.0
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.35% (27.1th percentile)
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | wpa | — | — |
| w1.fi | hostapd | — | — |
CVSS provenance
nvd · v2.0 · 2.1 · LOW · AV:L/AC:L/Au:N/C:P/I:N/A:N
vendor_debian · 2.1 · LOW
GHSA
GHSA-g3f4-94xv-v6fv: hostapd 0
ghsa_unreviewed·2022-05-17
Debian
CVE-2012-2389: wpa - hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for...
vendor_debian·2012·CVSS 2.1
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf [fedora-all]
bugzilla·2012-05-29·CVSS 2.1
+++ This bug was initially created as a clone of Bug #824661 +++
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.
For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs). Please mention the CVE IDs being fixed
in the RPM changelog when available.
Bodh
Bugzilla
CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf
bugzilla·2012-05-23·CVSS 2.1
It was reported [1] that the default permissions of /etc/hostapd/hostapd.conf were insecure (0644) considering they could contain credentials (PSKs, shared radius secrets, etc.) that would then be world readable.
This is a low-impact flaw that can be mitigated by changing the permissions of the file (upstream has done this now).
This was assigned CVE-2012-2389 [2] (although no credentials are written by any tools or by default to this file, so an administrator should logically tighten up the permissions if saving sensitive information to the file).
[1] https://bugzilla.novell.com/show_bug.cgi?id=740964
[2] http://www.openwall.com/lists/oss-security/2012/05/23/13
Discussion:
Created hostapd tracking bugs for
Bugzilla
CVE-2012-2389 hostapd: insecure default permissions on /etc/hostapd/hostapd.conf [fedora-all]
bugzilla·2012-05-23·CVSS 2.1
Bodhi update submission link:
https://admin.fedoraproject.org/updates/n
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
http://www.openwall.com/lists/oss-security/2012/05/23/13
http://www.openwall.com/lists/oss-security/2012/05/23/3
http://www.openwall.com/lists/oss-security/2012/05/23/5
https://bugzilla.novell.com/show_bug.cgi?id=740964
https://bugzilla.redhat.com/show_bug.cgi?id=824660
2012-06-21
Published