remote buffer overflow vulnerability in airodump-ng

[aircrack-ng]

Reported by jonny on 12 Apr 2007 14:52 UTC

Author: Jonathan So < jonny [ @ ] nop-art [ dot ] net>

I. DESCRIPTION

A stack overflow vulnerability has been found in airodump-ng, part of the
aircrack-ng package. The vulnerability could allow an attacker to
transmit specially crafted 802.11 packets to execute arbitrary code on a
remote machine running the aerodump-ng tool.

II. DETAILS

Aerodump-ng fails to check the size of 802.11 authentication packets
before copying into an insufficiently sized global buffer. As a result
it is possible to overwrite another global variable passed as the size
parameter to a subsequent memcpy() operation, in order to overflow a
stack buffer.

This vulnerability has been successfully exploited against on an x86
Linux 2.6.20 machine running airodump-ng 0.7. Other versions and
platforms are also likely to be affected.

[aircrack-ng]

Comment by misterx on 12 Apr 2007 14:52 UTC

More details at http://www.nop-art.net/advisories/airodump-ng.txt

[aircrack-ng]

Comment by hirte on 12 Apr 2007 14:52 UTC

(In #288) Fixed vulnerability in both branches (Closes: #167).

[aircrack-ng]

Comment by misterx on 12 Apr 2007 14:52 UTC

Milestone 0.8.1 deleted