Bug 174340

Summary: net-wireless/aircrack-ng remote buffer overflow vulnerability (CVE-2007-2057)
Product: Gentoo Security
Reporter: Timothy Redaelli (RETIRED) <drizzt>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Severity: major
CC: crypto+disabled, hawking, netmon
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: C1? [glsa] jaervosz
Package list:
Runtime testing required: ---

Description Timothy Redaelli (RETIRED) gentoo-dev 2007-04-12 20:40:42 UTC

A buffer overflow vulnerability has been found in airodump-ng, part of
the aircrack-ng package.  The vulnerability could allow an attacker to
transmit specially crafted 802.11 packets to execute arbitrary code on
a remote machine running the airodump-ng tool.

Patch available here:
Comment 1 Vic Fryzel (shellsage) (RETIRED) gentoo-dev 2007-04-13 10:50:14 UTC
Any news on an upstream fixed release?
Comment 2 Ali Polatel (RETIRED) gentoo-dev 2007-04-13 14:40:11 UTC
This has been fixed in the latest development sources:
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-13 16:18:57 UTC
netmon/crypto please advise.
Comment 4 Alon Bar-Lev (RETIRED) gentoo-dev 2007-04-13 16:45:25 UTC
I downgraded the diff in aircrack-ng-0.7-r2, I hope this version has no other issues, since it is somewhat different.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-13 19:29:53 UTC
x86 please test and mark aircrack-ng-0.7-r2 stable.

Btw thx for the note Ali.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2007-04-13 21:22:40 UTC
x86 stable
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-18 05:15:02 UTC
Bah, that was only a partial commit.

Fixing rating as C1 (you have to enable --write and it's remote active)
Comment 8 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-04-22 21:19:31 UTC
GLSA 200704-16, thanks to everybody