Gentoo Bug 174340 - net-wireless/aircrack-ng remote buffer overflow vulnerability (CVE-2007-2057)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	174340
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Timothy Redaelli <drizzt@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 174340 depends on:			Show dependency tree Show dependency graph
Bug 174340 blocks:			Show dependency tree Show dependency graph

Additional Comments: (this is where you put emerge --info)

Add to CC list

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2007-04-12 20:40 0000

I. DESCRIPTION

A buffer overflow vulnerability has been found in airodump-ng, part of
the aircrack-ng package.  The vulnerability could allow an attacker to
transmit specially crafted 802.11 packets to execute arbitrary code on
a remote machine running the airodump-ng tool.

Patch available here: http://trac.aircrack-ng.org/changeset/288

------- Comment #1 From Vic Fryzel (shellsage) 2007-04-13 10:50:14 0000 -------

Any news on an upstream fixed release?

------- Comment #2 From Ali Polatel 2007-04-13 14:40:11 0000 -------

 This has been fixed in the latest development sources:
 http://trac.aircrack-ng.org/changeset/288

------- Comment #3 From Sune Kloppenborg Jeppesen 2007-04-13 16:18:57 0000 -------

netmon/crypto please advise.

------- Comment #4 From Alon Bar-Lev (RETIRED) 2007-04-13 16:45:25 0000 -------

I downgraded the diff in aircrack-ng-0.7-r2, I hope this version has no other
issues, since it somewhat different.

------- Comment #5 From Sune Kloppenborg Jeppesen 2007-04-13 19:29:53 0000 -------

x86 please test and mark aircrack-ng-0.7-r2 stable.

Btw thx for the note Ali.

------- Comment #6 From Raúl Porcel 2007-04-13 21:22:40 0000 -------

x86 stable

------- Comment #7 From Sune Kloppenborg Jeppesen 2007-04-18 05:15:02 0000 -------

Bah, that was only a partial commit.

Fixing rating as C1 (you have to enable --write and it's remote active)

------- Comment #8 From Raphael Marichez 2007-04-22 21:19:31 0000 -------

GLSA 200704-16, thanks to everybody

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 174340

net-wireless/aircrack-ng remote buffer overflow vulnerability (CVE-2007-2057)

Last modified: 2007-04-22 21:19:31 0000