CVE-2012-2389 | Vulnerability Database | Aqua Security

hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.

Affected Software

Name	Vendor	Start Version	End Version
Hostapd	W1.fi	0.7.3 (including)	0.7.3 (including)
Hostapd	Ubuntu	hardy	*
Hostapd	Ubuntu	lucid	*
Hostapd	Ubuntu	natty	*
Hostapd	Ubuntu	oneiric	*
Hostapd	Ubuntu	precise	*

References

http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
http://www.openwall.com/lists/oss-security/2012/05/23/13
http://www.openwall.com/lists/oss-security/2012/05/23/3
http://www.openwall.com/lists/oss-security/2012/05/23/5
https://bugzilla.novell.com/show_bug.cgi?id=740964
https://bugzilla.redhat.com/show_bug.cgi?id=824660
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081983.html
http://www.mandriva.com/security/advisories?name=MDVSA-2012:168
http://www.openwall.com/lists/oss-security/2012/05/23/13
http://www.openwall.com/lists/oss-security/2012/05/23/3
http://www.openwall.com/lists/oss-security/2012/05/23/5
https://bugzilla.novell.com/show_bug.cgi?id=740964
https://bugzilla.redhat.com/show_bug.cgi?id=824660

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-2389
CWE	https://cwe.mitre.org/data/definitions/264.html