Aircrack-ng 1.2 Beta 3 DoS / Code Execution

Aircrack-ng 1.2 Beta 3 DoS / Code Execution: Posted Nov 3, 2014; Authored by Nick Sampanis; Aircrack-ng version 1.2 Beta 3 suffers from code execution, denial of service, and privilege escalation vulnerabilities.; tags | advisory, denial of service, overflow, vulnerability, code execution; advisories | CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324; SHA-256 | f3e7c8a63cbec61d5c78827efb02d49d9d05689624c2f7561f5febd98b07fd60; Download | Favorite | View

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities
 
Description:
--------------------------------  
Four vulnerabilities exist on aircrack-ng <= 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified:
 
  -   A stack overflow at airodump-ng gps_tracker() which may lead to
code execution, privilege escalation.
  -   A length parameter inconsistency at aireplay tcp_test() which may
lead to remote code execution.
  -   A missing check for data format at buddy-ng which may lead to
denial of service.
  -   A missing check for invalid values at airserv-ng net_get() which
may lead to denial of service.
 
 
Researcher:
---------------------------------  
Nick Sampanis (n.sampanis[a t]obrela[do t]com)
 
 
Vulnerabilities:
----------------------------------
gps_tracer stack overflow  CVE-2014-8321
tcp_test length parameter inconsistency CVE-2014-8322
buddy-ng missing check  in data format CVE-2014-8323
net_get missing check for invalid values CVE-2014-8324
 
 
Bugs and fixes submit date:
-----------------------------------
3/10/2014
 
 
Impact:
-----------------------------------
CVE-2014-8321: Severity: High AV: Local Impact type: Code execution/Privilege escalation
CVE-2014-8322: Severity: Critical AV: Remote Impact type: Code execution
CVE-2014-8323: Severity: High AV: Remote Impact type: Denial of service
CVE-2014-8324: Severity: High AV: Remote Impact type: Denial of service

Solution - fix & patch:
------------------------------------
Kali linux(and maybe some other distros) use to distribute aircrack-ng package
without stack cookie protection which makes CVE-2014-8322 easily exploitable.
The new package with stack cookie protection enabled is called debian/1.2-beta3-0kali3.

Download the respective commits from github. Soon a new version
will be released but at the time there is no patched version.
 
https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5
https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b
https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70
https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e

Reference:
------------------------------------
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1401/

Top Authors In Last 30 Days

Red Hat 228 files
Ubuntu 89 files
Gentoo 31 files
Debian 22 files
tmrswrr 10 files
Sina Kheirkhah 7 files
bRpsd 4 files
Rodolfo Tavares 4 files
nu11secur1ty 3 files
Google Security Research 3 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,079)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,531)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,380)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,289)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,663)
UNIX (9,426)
UnixWare (187)
Windows (6,666)
Other

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

Share This

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems