First published: Mon Nov 03 2014(Updated: )
It was reported [1] that four vulnerabilities exist on aircrack-ng <= 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified: - <a href="https://access.redhat.com/security/cve/CVE-2014-8321">CVE-2014-8321</a> A stack overflow at airodump-ng gps_tracker() which may lead to code execution, privilege escalation. <a href="https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5">https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8322">CVE-2014-8322</a> A length parameter inconsistency at aireplay tcp_test() which may lead to remote code execution. <a href="https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b">https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8323">CVE-2014-8323</a> A missing check for data format at buddy-ng which may lead to denial of service. <a href="https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70">https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8324">CVE-2014-8324</a> A missing check for invalid values at airserv-ng net_get() which may lead to denial of service. <a href="https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e">https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e</a> Soon a new version will be released but at the time there is no patched version. [1]: <a href="http://seclists.org/bugtraq/2014/Nov/1">http://seclists.org/bugtraq/2014/Nov/1</a>
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Aircrack-ng Aircrack-ng | <=1.1 | |
Aircrack-ng Aircrack-ng | =1.2-beta1 | |
Aircrack-ng Aircrack-ng | =1.2-beta2 | |
Aircrack-ng Aircrack-ng | =1.2-beta3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.