id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
167	remote buffer overflow vulnerability in airodump-ng	jonny [ @…		"Author: Jonathan So < jonny [ @ ] nop-art [ dot ] net>

I. DESCRIPTION

A stack overflow vulnerability has been found in airodump-ng, part of the
aircrack-ng package.  The vulnerability could allow an attacker to
transmit specially crafted 802.11 packets to execute arbitrary code on a
remote machine running the airodump-ng tool.

II. DETAILS

Airodump-ng fails to check the size of 802.11 authentication packets
before copying into an insufficiently sized global buffer.  As a result
it is possible to overwrite another global variable passed as the size
parameter to a subsequent memcpy() operation, in order to overflow a
stack buffer.

This vulnerability has been successfully exploited against an x86
Linux 2.6.20 machine running airodump-ng 0.7.  Other versions and
platforms are also likely to be affected."	defect	closed	critical	0.9	airodump-ng	0.7	fixed	remote buffer overflow vulnerability	
