ID

VAR-201310-0002


CVE

CVE-2010-1159


TITLE

Aircrack-ng EAPOL Packet Processing Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 39045 // CNNVD: CNNVD-201310-560

DESCRIPTION

Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet. Aircrack-ng is a wireless cracking tool. Aircrack-ng handles EAPOL messages with boundary errors. When a specially constructed wireless message is submitted to aircrack-ng, or airodump-ng is used to open a specially constructed message capture file, a heap-based buffer overflow can be triggered. Successful exploitation of the vulnerability can execute arbitrary instructions with application privileges. Aircrack-ng is prone to a buffer-overflow vulnerability. Failed attacks will likely cause denial-of-service conditions.

----------------------------------------------------------------------

TITLE:
Aircrack-ng EAPOL Parsing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA39150

VERIFY ADVISORY:
http://secunia.com/advisories/39150/

DESCRIPTION:
Lukas Lueg has reported a vulnerability in Aircrack-ng, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to a boundary error in the processing of EAPOL packets. This can be exploited to cause a heap-based buffer overflow via e.g.

SOLUTION:
Do not process untrusted data using the Aircrack-ng tools.

PROVIDED AND/OR DISCOVERED BY:
Lukas Lueg

ORIGINAL ADVISORY:
http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py

----------------------------------------------------------------------

Gentoo Linux Security Advisory                           GLSA 201310-06
http://security.gentoo.org/

 Severity: Normal
    Title: Aircrack-ng: User-assisted execution of arbitrary code
     Date: October 07, 2013
     Bugs: #311797
       ID: 201310-06

Synopsis
========

A buffer overflow vulnerability in Aircrack-ng could result in execution of arbitrary code or Denial of Service.

Background
==========

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.

Affected packages
=================

    -------------------------------------------------------------------
     Package                    /   Vulnerable   /          Unaffected
    -------------------------------------------------------------------
  1  net-wireless/aircrack-ng       < 1.1-r2                 >= 1.1-r2

Description
===========

A buffer overflow vulnerability has been discovered in Aircrack-ng.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Aircrack-ng users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot -v ">=net-wireless/aircrack-ng-1.1-r2"

References
==========

[ 1 ] CVE-2010-1159
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1159

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201310-06.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

_______________________________________________________________________

References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1159
 http://advisories.mageia.org/MGASA-2013-0307.html
_______________________________________________________________________

Updated Packages:

 Mandriva Business Server 1/X86_64:
 746eb2a4209b308b4a8fd77518f540e1  mbs1/x86_64/aircrack-ng-1.1-5.1.mbs1.x86_64.rpm
 df9505748ad1c627a1ee101bc478ab33  mbs1/SRPMS/aircrack-ng-1.1-5.1.mbs1.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID     Date       User ID
pub  1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com>

Trust: 2.79

sources: NVD: CVE-2010-1159 // JVNDB: JVNDB-2010-005653 // CNVD: CNVD-2010-0470 // BID: 39045 // VULMON: CVE-2010-1159 // PACKETSTORM: 87821 // PACKETSTORM: 123518 // PACKETSTORM: 123676

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2010-0470

AFFECTED PRODUCTS

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 1.0

Trust: 1.4

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.1

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.2

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.2.1

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.3

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.4

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.4.1

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.4.2

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.4.3

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.4.4

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.5

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.6

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.6.1

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.6.2

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.7

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.8

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.9

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.9.1

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.9.2

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: eq, version: 0.9.3

Trust: 1.1

vendor: gentoo, model: linux, scope: eq, version: *

Trust: 1.1

vendor: aircrack ng, model: aircrack-ng, scope: lte, version: 1.0

Trust: 1.0

vendor: gentoo, model: linux, scope: -, version: -

Trust: 0.9

vendor: aircrack ng, model: aircrack-ng, scope: lt, version: 1.1

Trust: 0.8

vendor: gentoo linux, model: gentoo linux, scope: lt, version: 1.1-r2

Trust: 0.8

vendor: no, model: -, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2010-0470 // VULMON: CVE-2010-1159 // BID: 39045 // JVNDB: JVNDB-2010-005653 // CNNVD: CNNVD-201310-560 // NVD: CVE-2010-1159

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2010-1159
value: MEDIUM

Trust: 1.0

NVD: CVE-2010-1159
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201310-560
value: MEDIUM

Trust: 0.6

VULMON: CVE-2010-1159
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2010-1159
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

sources: VULMON: CVE-2010-1159 // JVNDB: JVNDB-2010-005653 // CNNVD: CNNVD-201310-560 // NVD: CVE-2010-1159

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.8

sources: JVNDB: JVNDB-2010-005653 // NVD: CVE-2010-1159

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 123676 // CNNVD: CNNVD-201310-560

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201310-560

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-005653

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2010-1159

PATCH

title: ChangeLog, url: http://svn.aircrack-ng.org/trunk/ChangeLog

Trust: 0.8

title: GLSA 201310-06, url: http://www.gentoo.org/security/en/glsa/glsa-201310-06.xml

Trust: 0.8

title: LinuxFlaw, url: https://github.com/mudongliang/LinuxFlaw

Trust: 0.1

title: cve-, url: https://github.com/oneoy/cve-

Trust: 0.1

sources: VULMON: CVE-2010-1159 // JVNDB: JVNDB-2010-005653

EXTERNAL IDS

db: NVD, id: CVE-2010-1159

Trust: 3.0

db: SECUNIA, id: 39150

Trust: 2.4

db: SECUNIA, id: 55053

Trust: 1.7

db: BID, id: 39045

Trust: 1.0

db: JVNDB, id: JVNDB-2010-005653

Trust: 0.8

db: CNVD, id: CNVD-2010-0470

Trust: 0.6

db: GENTOO, id: GLSA-201310-06

Trust: 0.6

db: CNNVD, id: CNNVD-201310-560

Trust: 0.6

db: EXPLOIT-DB, id: 12217

Trust: 0.1

db: VULMON, id: CVE-2010-1159

Trust: 0.1

db: PACKETSTORM, id: 87821

Trust: 0.1

db: PACKETSTORM, id: 123518

Trust: 0.1

db: PACKETSTORM, id: 123676

Trust: 0.1

sources: CNVD: CNVD-2010-0470 // VULMON: CVE-2010-1159 // BID: 39045 // JVNDB: JVNDB-2010-005653 // PACKETSTORM: 87821 // PACKETSTORM: 123518 // PACKETSTORM: 123676 // CNNVD: CNNVD-201310-560 // NVD: CVE-2010-1159

REFERENCES

url:http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py

Trust: 1.8

url:http://security.gentoo.org/glsa/glsa-201310-06.xml

Trust: 1.8

url:http://secunia.com/advisories/39150

Trust: 1.7

url:http://secunia.com/advisories/55053

Trust: 1.7

url:http://svn.aircrack-ng.org/trunk/changelog

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1159

Trust: 0.9

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1159

Trust: 0.8

url:http://secunia.com/advisories/39150/

Trust: 0.7

url:http://www.securityfocus.com/bid/39045

Trust: 0.7

url:http://www.aircrack-ng.org/

Trust: 0.3

url:http://pyrit.wordpress.com/2010/03/31/aircrack-ng-still-vulnerable/

Trust: 0.3

url:http://trac.aircrack-ng.org/changeset/1676

Trust: 0.3

url:http://trac.aircrack-ng.org/changeset/1683

Trust: 0.3

url:http://aircrack-ng.blogspot.com/2010/04/monthly-news-april-2010.html

Trust: 0.3

url:http://pyrit.wordpress.com/2010/03/28/remote-exploit-against-aircrack-ng/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2010-1159

Trust: 0.2

url:https://cwe.mitre.org/data/definitions/119.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.exploit-db.com/exploits/12217/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1159

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:http://www.mandriva.com/en/support/security/

Trust: 0.1

url:http://www.mandriva.com/en/support/security/advisories/

Trust: 0.1

url:http://advisories.mageia.org/mgasa-2013-0307.html

Trust: 0.1

sources: CNVD: CNVD-2010-0470 // VULMON: CVE-2010-1159 // BID: 39045 // JVNDB: JVNDB-2010-005653 // PACKETSTORM: 87821 // PACKETSTORM: 123518 // PACKETSTORM: 123676 // CNNVD: CNNVD-201310-560 // NVD: CVE-2010-1159

CREDITS

Lukas Lueg

Trust: 0.9

sources: BID: 39045 // CNNVD: CNNVD-201310-560

SOURCES

db: CNVD, id: CNVD-2010-0470
db: VULMON, id: CVE-2010-1159
db: BID, id: 39045
db: JVNDB, id: JVNDB-2010-005653
db: PACKETSTORM, id: 87821
db: PACKETSTORM, id: 123518
db: PACKETSTORM, id: 123676
db: CNNVD, id: CNNVD-201310-560
db: NVD, id: CVE-2010-1159

LAST UPDATE DATE

2025-04-11T23:10:39.215000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2010-0470, date: 2010-03-30T00:00:00
db: VULMON, id: CVE-2010-1159, date: 2013-10-29T00:00:00
db: BID, id: 39045, date: 2013-10-21T01:07:00
db: JVNDB, id: JVNDB-2010-005653, date: 2013-10-30T00:00:00
db: CNNVD, id: CNNVD-201310-560, date: 2013-10-29T00:00:00
db: NVD, id: CVE-2010-1159, date: 2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2010-0470, date: 2010-03-30T00:00:00
db: VULMON, id: CVE-2010-1159, date: 2013-10-28T00:00:00
db: BID, id: 39045, date: 2010-03-27T00:00:00
db: JVNDB, id: JVNDB-2010-005653, date: 2013-10-30T00:00:00
db: PACKETSTORM, id: 87821, date: 2010-03-30T05:50:49
db: PACKETSTORM, id: 123518, date: 2013-10-07T22:30:09
db: PACKETSTORM, id: 123676, date: 2013-10-18T20:10:32
db: CNNVD, id: CNNVD-201310-560, date: 2010-03-27T00:00:00
db: NVD, id: CVE-2010-1159, date: 2013-10-28T22:55:03.227