[arch-security] [Arch Linux Security Advisory ASA-201411-2] aircrack-ng: multiple vulnerabilities
anthraxx at archlinux.org
Mon Nov 3 17:48:56 UTC 2014
Arch Linux Security Advisory ASA-201411-2
Date : 2014-11-03
CVE-ID : CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324
Package : aircrack-ng
Type : multiple vulnerabilities
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE-2014
The package aircrack-ng before version 1.2rc1-1 is vulnerable to
multiple security issues which may result in remote/local code
execution, privilege escalation and denial of service.
Upgrade to 1.2rc1-1.
# pacman -Syu "aircrack-ng>=1.2rc1-1"
The problem has been fixed upstream in version 1.2rc1.
Nick Sampanis discovered the following vulnerabilities:
- CVE-2014-8321 (code execution and privilege escalation)
A stack overflow in airodump-ng's gps_tracker() which may lead to code
execution and privilege escalation.
- CVE-2014-8322 (remote code execution)
A length parameter inconsistency in aireplay's tcp_test() which may lead
to remote code execution.
- CVE-2014-8323 (denial of service)
A missing check for data format at buddy-ng which may lead to denial of
- CVE-2014-8324 (denial of service)
A missing check for invalid values in airserv-ng's net_get() which may
lead to denial of service.
A remote attacker in an adjacent network is able to perform code
execution, privilege escalation and denial of service via multiple