[arch-security] [Arch Linux Security Advisory ASA-201411-2] aircrack-ng: multiple vulnerabilities
Levente Polyak
anthraxx at archlinux.org
Mon Nov 3 17:48:56 UTC 2014
Arch Linux Security Advisory ASA-201411-2
=========================================
Severity: Critical
Date : 2014-11-03
CVE-ID : CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324
Package : aircrack-ng
Type : multiple vulnerabilities
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE-2014
Summary
=======
The package aircrack-ng before version 1.2rc1-1 is vulnerable to
multiple security issues which may result in remote/local code
execution, privilege escalation and denial of service.
Resolution
==========
Upgrade to 1.2rc1-1.
# pacman -Syu "aircrack-ng>=1.2rc1-1"
The problem has been fixed upstream in version 1.2rc1.
Workaround
==========
None.
Description
===========
Nick Sampanis discovered the following vulnerabilities:
- CVE-2014-8321 (code execution and privilege escalation)
A stack overflow at airodump-ng gps_tracker() which may lead to code
execution and privilege escalation.
- CVE-2014-8322 (remote code execution)
A length parameter inconsistency at aireplay tcp_test() which may lead
to remote code execution.
- CVE-2014-8323 (denial of service)
A missing check for data format at buddy-ng which may lead to denial of
service.
- CVE-2014-8324 (denial of service)
A missing check for invalid values at airserv-ng net_get() which may
lead to denial of service.
Impact
======
A remote attacker in an adjacent network is able to perform code
execution, privilege escalation and denial of service via multiple
vulnerabilities.
References
==========
http://www.securityfocus.com/archive/1/533869/30/0/threaded
https://access.redhat.com/security/cve/CVE-2014-8321
https://access.redhat.com/security/cve/CVE-2014-8322
https://access.redhat.com/security/cve/CVE-2014-8323
https://access.redhat.com/security/cve/CVE-2014-8324
https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd
https://github.com/aircrack-ng/aircrack-ng/commit/091b153f2
https://github.com/aircrack-ng/aircrack-ng/commit/da0872389
https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20141103/3fc5e31d/attachment.bin>
More information about the arch-security
mailing list