Arch Linux Security Advisory ASA-201411-2
=========================================

Severity: Critical
Date    : 2014-11-03
CVE-ID  : CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324
Package : aircrack-ng
Type    : multiple vulnerabilities
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE-2014

Summary
=======

The package aircrack-ng before version 1.2rc1-1 is vulnerable to multiple
security issues which may result in remote/local code execution,
privilege escalation and denial of service.

Resolution
==========

Upgrade to 1.2rc1-1.

# pacman -Syu "aircrack-ng>=1.2rc1-1"

The problem has been fixed upstream in version 1.2rc1.

Workaround
==========

None.

Description
===========

Nick Sampanis discovered the following vulnerabilities:

- CVE-2014-8321 (code execution and privilege escalation)
  A stack overflow at airodump-ng gps_tracker() which may lead to code
  execution and privilege escalation.

- CVE-2014-8322 (remote code execution)
  A length parameter inconsistency at aireplay tcp_test() which may lead
  to remote code execution.

- CVE-2014-8323 (denial of service)
  A missing check for data format at buddy-ng which may lead to denial
  of service.

- CVE-2014-8324 (denial of service)
  A missing check for invalid values at airserv-ng net_get() which may
  lead to denial of service.

Impact
======

A remote attacker in an adjacent network is able to perform code
execution, privilege escalation and denial of service via multiple
vulnerabilities.

References
==========

http://www.securityfocus.com/archive/1/533869/30/0/threaded
https://access.redhat.com/security/cve/CVE-2014-8321
https://access.redhat.com/security/cve/CVE-2014-8322
https://access.redhat.com/security/cve/CVE-2014-8323
https://access.redhat.com/security/cve/CVE-2014-8324
https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd
https://github.com/aircrack-ng/aircrack-ng/commit/091b153f2
https://github.com/aircrack-ng/aircrack-ng/commit/da0872389
https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce