Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31330
HistoryNov 03, 2014 - 12:00 a.m.

"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities

2014-11-0300:00:00
vulners.com
15
JSON

"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities

Description:

Four vulnerabilities exist on aircrack-ng <= 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified:

  • A stack overflow at airodump-ng gps_tracker() which may lead to
    code execution, privilege escalation.
  • A length parameter inconsistency at aireplay tcp_test() which may
    lead to remote code execution.
  • A missing check for data format at buddy-ng which may lead to
    denial of service.
  • A missing check for invalid values at airserv-ng net_get() which
    may lead to denial of service.

Researcher:

Nick Sampanis (n.sampanis[a t]obrela[do t]com)

Vulnerabilities:

gps_tracer stack overflow CVE-2014-8321
tcp_test length parameter inconsistency CVE-2014-8322
buddy-ng missing check in data format CVE-2014-8323
net_get missing check for invalid values CVE-2014-8324

Bugs and fixes submit date:

3/10/2014

Impact:

CVE-2014-8321: Severity: High AV: Local Impact type: Code execution/Privilege escalation
CVE-2014-8322: Severity: Critical AV: Remote Impact type: Code execution
CVE-2014-8323: Severity: High AV: Remote Impact type: Denial of service
CVE-2014-8324: Severity: High AV: Remote Impact type: Denial of service

Solution - fix & patch:

Kali linux(and maybe some other distros) use to distribute aircrack-ng package
without stack cookie protection which makes CVE-2014-8322 easily exploitable.
The new package with stack cookie protection enabled is called debian/1.2-beta3-0kali3.

Download the respective commits from github. Soon a new version
will be released but at the time there is no patched version.

https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5
https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b
https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70
https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e

Reference:

https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1401/

Related

securityvulns 1
openvas 4
archlinux 1
nessus 5
gentoo 1
fedora 3
mageia 1
exploitpack 1
prion 4
debiancve 4
ubuntucve 4
cve 4
seebug 1
exploitdb 1
securityvulns
securityvulns
Aircrack-ng multiple security vulnerabilities
2014-11-03 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 201411-08
2015-09-29 00:00:00
Fedora Update for aircrack-ng FEDORA-2014-14233
2014-11-14 00:00:00
Fedora Update for aircrack-ng FEDORA-2014-14247
2014-11-14 00:00:00
archlinux
archlinux
aircrack-ng: multiple vulnerabilities
2014-11-03 00:00:00
nessus
nessus
Fedora 21 : aircrack-ng-1.2-0.5rc1.fc21 (2014-14283)
2014-11-11 00:00:00
Fedora 19 : aircrack-ng-1.2-0.3.rc1.fc19 (2014-14233)
2014-11-14 00:00:00
Fedora 20 : aircrack-ng-1.2-0.3.rc1.fc20 (2014-14247)
2014-11-14 00:00:00
gentoo
gentoo
Aircrack-ng: User-assisted execution of arbitrary code
2014-11-23 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: aircrack-ng-1.2-0.3.rc1.fc20
2014-11-13 18:16:46
[SECURITY] Fedora 19 Update: aircrack-ng-1.2-0.3.rc1.fc19
2014-11-13 18:19:02
[SECURITY] Fedora 21 Update: aircrack-ng-1.2-0.5rc1.fc21
2014-11-10 06:38:19
mageia
mageia
Updated aircrack-ng packages fix security vulnerabilities
2015-01-24 17:32:04
exploitpack
exploitpack
Aireplay-ng 1.2 beta3 - tcp_test Length Stack Overflow
2014-10-20 00:00:00
prion
prion
Stack overflow
2020-01-31 22:15:00
Stack overflow
2020-01-31 22:15:00
Code injection
2017-10-17 14:29:00
debiancve
debiancve
CVE-2014-8321
2020-01-31 22:15:00
CVE-2014-8323
2017-10-17 14:29:00
CVE-2014-8322
2020-01-31 22:15:00
ubuntucve
ubuntucve
CVE-2014-8323
2017-10-17 00:00:00
CVE-2014-8321
2020-01-31 00:00:00
CVE-2014-8322
2020-01-31 00:00:00
cve
cve
CVE-2014-8321
2020-01-31 22:15:00
CVE-2014-8322
2020-01-31 22:15:00
CVE-2014-8323
2017-10-17 14:29:00
seebug
seebug
Aireplay-ng 1.2 beta3 - &quot;tcp_test&quot; Length Parameter Stack Overflow
2014-11-13 00:00:00
exploitdb
exploitdb
Aireplay-ng 1.2 beta3 - &#039;tcp_test&#039; Length Stack Overflow
2014-10-20 00:00:00
JSON
Related for SECURITYVULNS:DOC:31330
securityvulns1openvas4archlinux1nessus5gentoo1fedora3mageia1exploitpack1prion4debiancve4ubuntucve4cve4seebug1exploitdb1