Ticket #167 (closed defect: fixed)

Opened 20 months ago

Last modified 7 weeks ago

remote buffer overflow vulnerability in airodump-ng

Reported by: jonny [ @…
Owned by:
Priority: critical
Milestone: 0.9
Component: airodump-ng
Version: 0.7
Keywords: remote buffer overflow vulnerability
Cc:

Description

Author: Jonathan So < jonny [ @ ] nop-art [ dot ] net>

I. DESCRIPTION

A stack overflow vulnerability has been found in airodump-ng, part of the aircrack-ng package. The vulnerability could allow an attacker to transmit specially crafted 802.11 packets to execute arbitrary code on a remote machine running the airodump-ng tool.

II. DETAILS

Airodump-ng fails to check the size of 802.11 authentication packets before copying them into an insufficiently sized global buffer. As a result it is possible to overwrite another global variable passed as the size parameter to a subsequent memcpy() operation, in order to overflow a stack buffer.

This vulnerability has been successfully exploited against an x86 Linux 2.6.20 machine running airodump-ng 0.7. Other versions and platforms are also likely to be affected.
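The class of fix the description calls for, as an added example that is not part of the ticket and is not aircrack-ng source code: the captured length is checked before the copy into the global buffer, and the stored length is checked again before the later copy into a stack buffer. The names `g_auth_frame`, `g_auth_len`, `store_auth_frame`, `load_auth_frame` and the 256-byte capacity are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define AUTH_BUF_LEN 256 /* assumed capacity, not airodump-ng's real value */

/* Hypothetical globals modelling the layout in the ticket: a fixed buffer
 * and a length that a later memcpy() uses as its size argument. */
static uint8_t g_auth_frame[AUTH_BUF_LEN];
static size_t g_auth_len;

/* The flawed pattern is memcpy(g_auth_frame, pkt, caplen) with no size
 * comparison. Here an oversized frame is rejected before any byte moves. */
int store_auth_frame(const uint8_t *pkt, size_t caplen)
{
    if (pkt == NULL || caplen > sizeof(g_auth_frame))
        return -1; /* drop the frame, leave stored state untouched */
    memcpy(g_auth_frame, pkt, caplen);
    g_auth_len = caplen;
    return 0;
}

/* Later consumer copying into a caller-supplied (e.g. stack) buffer. The
 * stored length is re-checked against both buffers, never trusted. */
int load_auth_frame(uint8_t *dst, size_t dst_len, size_t *out_len)
{
    if (dst == NULL || out_len == NULL)
        return -1;
    if (g_auth_len > sizeof(g_auth_frame) || g_auth_len > dst_len)
        return -1;
    memcpy(dst, g_auth_frame, g_auth_len);
    *out_len = g_auth_len;
    return 0;
}

int main(void)
{
    uint8_t frame[AUTH_BUF_LEN + 64]; /* constructed sample input */
    uint8_t local[128];
    size_t n = 0;

    memset(frame, 0x41, sizeof(frame));
    printf("oversized store: %d\n", store_auth_frame(frame, sizeof(frame)));
    printf("100-byte store:  %d\n", store_auth_frame(frame, 100));
    int rc = load_auth_frame(local, sizeof(local), &n);
    printf("load into 128:   %d (n=%zu)\n", rc, n);
    return 0;
}
```

Checking the length at both copies means a corrupted or stale stored length still cannot drive the second `memcpy()` past its destination.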

Change History

Changed 20 months ago by misterx

Changed 20 months ago by hirte

  • status changed from new to closed
  • resolution set to fixed

(In [288]) Fixed vulnerability in both branches (Closes: #167).

Changed 19 months ago by misterx

  • milestone changed from 0.8.1 to 0.9

Milestone 0.8.1 deleted
