Buffer overflow not properly patched
Reported by: opensource@… | Owned by:
changeset:1676 seems not to address the recently discovered buffer overflow.
From the Fedora bug report: (Bug 577654 in Red Hat's Bugzilla)
- The code checks if the self-proclaimed size of the packet is larger than the real packet size. If the packet is larger than 256 bytes AND correctly tells about that, the heap will still be overwritten...
- The self-proclaimed size of the packet is compared to uninitialized data, resulting in random results
- They forgot to patch airbase-ng.c
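The first two points of the report concern a length check that bounds the copy by the received size but not by the destination size. The following is an added example, not aircrack-ng's code and not taken from the ticket or the changeset; the packet layout (2-byte big-endian length prefix), the function names and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEST_CAP 256 /* the 256-byte limit the ticket mentions */

/* Check as the ticket describes it: claimed size vs. received size only. */
static int weak_check_accepts(size_t claimed, size_t received)
{
    return claimed <= received;
}

/* Hardened copy. Assumed layout: 2-byte big-endian length, then payload.
 * Returns the number of bytes copied, or -1 if the packet is rejected. */
static int copy_payload(uint8_t *dest, size_t dest_cap,
                        const uint8_t *pkt, size_t pkt_len)
{
    if (dest == NULL || pkt == NULL || pkt_len < 2)
        return -1;                      /* length field not fully received */
    /* Read the claimed size from received bytes only, never from
     * memory that has not been filled in yet. */
    size_t claimed = ((size_t)pkt[0] << 8) | pkt[1];
    if (claimed > pkt_len - 2)
        return -1;                      /* claims more than was received */
    if (claimed > dest_cap)
        return -1;                      /* honest size, but too big for dest */
    memcpy(dest, pkt + 2, claimed);
    return (int)claimed;
}

int main(void)
{
    uint8_t dest[DEST_CAP];
    uint8_t pkt[2 + 300] = { 0x01, 0x2C }; /* constructed: claims 300 bytes */
    printf("weak check accepts 300-byte packet: %d\n",
           weak_check_accepts(300, sizeof pkt - 2));
    printf("hardened copy result: %d\n",
           copy_payload(dest, sizeof dest, pkt, sizeof pkt));
    return 0;
}
```

The weak check passes the honest 300-byte packet, which is the case the report says still overwrites the heap; the hardened copy rejects it because it also compares against the destination capacity.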
Change History (6)
comment:3 Changed 4 years ago by opensource@…
- Resolution fixed deleted
- Status changed from closed to reopened
Changed 12 days ago by vanhoefm