| Summary: | <net-wireless/aircrack-ng-1.1-r2: Buffer overflow (CVE-2010-1159) |
|---|---|
| Product: | Gentoo Security |
| Reporter: | ebfe <knabberknusperhaus> |
| Component: | Vulnerabilities |
| Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED |
| Severity: | normal |
| CC: | chiiph, netmon |
| Priority: | High |
| Version: | unspecified |
| Hardware: | All |
| OS: | Linux |
| Whiteboard: | B2 [glsa] |
| Package list: | |
| Runtime testing required: | --- |
| Attachments: | |

Description
ebfe
2010-03-28 16:59:03 UTC
Created attachment 225585 [details]
Demonstrates denial-of-service in all aircrack-ng tools

*** Bug 315341 has been marked as a duplicate of this bug. ***

Please stabilize net-wireless/aircrack-ng-1.1.

Bug is not fixed in 1.1
See https://bugzilla.redhat.com/show_bug.cgi?id=577654

ebfe: Do the following revisions fix the remaining problems?
http://trac.aircrack-ng.org/changeset/1699
http://trac.aircrack-ng.org/changeset/1701
http://trac.aircrack-ng.org/changeset/1702

version 1.1 was released with the following fix:
http://trac.aircrack-ng.org/changeset/1676

This bug was then opened stating the fix was incomplete:
http://trac.aircrack-ng.org/ticket/728
https://bugzilla.redhat.com/show_bug.cgi?id=577654

And then the following commits were done post-1.1:
http://trac.aircrack-ng.org/changeset/1683
http://trac.aircrack-ng.org/changeset/1687
http://trac.aircrack-ng.org/changeset/1699
http://trac.aircrack-ng.org/changeset/1701
http://trac.aircrack-ng.org/changeset/1702

Created attachment 266675 [details]
-r1 ebuild that includes patch.

@netmon and @crypto, ping? There appears to be considerable interest in getting this package updated. Unless I am mistaken, these are the three fixes we need, and in reality, 1702 updates the changes made by 1699 and 1702.

> http://trac.aircrack-ng.org/changeset/1699
> http://trac.aircrack-ng.org/changeset/1701
> http://trac.aircrack-ng.org/changeset/1702

I've attached an -r1 ebuild and patch that *should* correct this issue. Please review and consider. Thanks!

Created attachment 266677 [details, diff]
Patch for review

aircrack-ng-1.1-r2 in tree with patch.
Thanks!

(In reply to comment #9)
> aircrack-ng-1.1-r2 in tree with patch.
> Thanks!

Thanks, Alon. Arches, please test and mark stable.

amd64 stable

x86 stable

ppc stable

arm stable, all arches done.

Thanks, everyone. New GLSA request filed.

This issue was resolved and addressed in GLSA 201310-06 at http://security.gentoo.org/glsa/glsa-201310-06.xml by GLSA coordinator Sergey Popov (pinkbyte).

CVE-2010-1159 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1159): Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
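
The CVE text above names two triggers: a large length value in an EAPOL packet and a long EAPOL packet. The following added example (not aircrack-ng's code and not the patch attached to this bug) shows the two bounds checks a parser needs before copying an EAPOL frame into a fixed buffer; the 256-byte buffer, `struct handshake`, `store_eapol` and `try_frame` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EAPOL_HDR_LEN 4    /* version(1) + type(1) + body length(2, big-endian) */
#define EAPOL_BUF_LEN 256  /* assumed size of the fixed destination buffer */

struct handshake {         /* hypothetical capture state, not the project's struct */
    uint8_t eapol[EAPOL_BUF_LEN];
    size_t  eapol_size;
};

/* Store one EAPOL frame. Returns 0 if stored, -1 if the frame is truncated
 * relative to its own length field, -2 if it would not fit the buffer. */
int store_eapol(struct handshake *hs, const uint8_t *frame, size_t captured)
{
    if (captured < EAPOL_HDR_LEN)
        return -1;
    size_t total = EAPOL_HDR_LEN + (((size_t)frame[2] << 8) | frame[3]);
    if (total > captured)            /* length field claims more than was captured */
        return -1;
    if (total > sizeof hs->eapol)    /* frame is larger than the fixed buffer */
        return -2;
    memcpy(hs->eapol, frame, total); /* both bounds hold, so the copy is safe */
    hs->eapol_size = total;
    return 0;
}

/* Build a constructed frame (EAPOL-Key header, zeroed body) and return the verdict. */
int try_frame(uint16_t claimed_body, size_t captured)
{
    static uint8_t frame[2048];
    static struct handshake hs;
    if (captured > sizeof frame)
        return -1;
    memset(frame, 0, sizeof frame);
    frame[0] = 0x01;                           /* protocol version */
    frame[1] = 0x03;                           /* packet type: EAPOL-Key */
    frame[2] = (uint8_t)(claimed_body >> 8);
    frame[3] = (uint8_t)(claimed_body & 0xff);
    return store_eapol(&hs, frame, captured);
}

int main(void)
{
    printf("typical key frame: %d\n", try_frame(95, 99));
    printf("oversized length:  %d\n", try_frame(0xffff, 99));
    printf("long frame:        %d\n", try_frame(1000, 1004));
    return 0;
}
```

The copy length is derived from the length field only after it has been checked against both the captured byte count and the destination size, so neither trigger reaches `memcpy`.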