Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 174340 - net-wireless/aircrack-ng remote buffer overflow vulnerability (CVE-2007-2057)
Summary: net-wireless/aircrack-ng remote buffer overflow vulnerability (CVE-2007-2057)
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High major (vote)
Assignee: Gentoo Security
Whiteboard: C1? [glsa] jaervosz
Depends on:
Reported: 2007-04-12 20:40 UTC by Timothy Redaelli (RETIRED)
Modified: 2007-04-22 21:19 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Timothy Redaelli (RETIRED) gentoo-dev 2007-04-12 20:40:42 UTC

A buffer overflow vulnerability has been found in airodump-ng, part of
the aircrack-ng package.  The vulnerability could allow an attacker to
transmit specially crafted 802.11 packets to execute arbitrary code on
a remote machine running the airodump-ng tool.

Patch available here:
Comment 1 Vic Fryzel (shellsage) (RETIRED) gentoo-dev 2007-04-13 10:50:14 UTC
Any news on an upstream fixed release?
Comment 2 Ali Polatel (RETIRED) gentoo-dev 2007-04-13 14:40:11 UTC
 This has been fixed in the latest development sources:
Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-13 16:18:57 UTC
netmon/crypto please advise.
Comment 4 Alon Bar-Lev (RETIRED) gentoo-dev 2007-04-13 16:45:25 UTC
I downgraded the diff in aircrack-ng-0.7-r2, I hope this version has no other issues, since it somewhat different.
Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-13 19:29:53 UTC
x86 please test and mark aircrack-ng-0.7-r2 stable.

Btw thx for the note Ali.
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2007-04-13 21:22:40 UTC
x86 stable
Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev 2007-04-18 05:15:02 UTC
Bah, that was only a partial commit.

Fixing rating as C1 (you have to enable --write and it's remote active)
Comment 8 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2007-04-22 21:19:31 UTC
GLSA 200704-16, thanks to everybody