CVE-2014-8321: Buffer Overflow
First published: Mon Nov 03 2014(Updated: )
It was reported [1] that four vulnerabilities exist on aircrack-ng <= 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified: - <a href="https://access.redhat.com/security/cve/CVE-2014-8321">CVE-2014-8321</a> A stack overflow at airodump-ng gps_tracker() which may lead to code execution, privilege escalation. <a href="https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5">https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8322">CVE-2014-8322</a> A length parameter inconsistency at aireplay tcp_test() which may lead to remote code execution. <a href="https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b">https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8323">CVE-2014-8323</a> A missing check for data format at buddy-ng which may lead to denial of service. <a href="https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70">https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70</a> - <a href="https://access.redhat.com/security/cve/CVE-2014-8324">CVE-2014-8324</a> A missing check for invalid values at airserv-ng net_get() which may lead to denial of service. <a href="https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e">https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e</a> Soon a new version will be released but at the time there is no patched version. [1]: <a href="http://seclists.org/bugtraq/2014/Nov/1">http://seclists.org/bugtraq/2014/Nov/1</a>
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Aircrack-ng | <=1.1 | |
| Aircrack-ng | =1.2-beta1 | |
| Aircrack-ng | =1.2-beta2 | |
| Aircrack-ng | =1.2-beta3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html
- http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98458
- https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5/
- https://github.com/aircrack-ng/aircrack-ng/pull/13
- https://access.redhat.com/security/cve/CVE-2014-8321
- https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5
- https://access.redhat.com/security/cve/CVE-2014-8322
- https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b
- https://access.redhat.com/security/cve/CVE-2014-8323
- https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70
- https://access.redhat.com/security/cve/CVE-2014-8324
- https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e
- http://seclists.org/bugtraq/2014/Nov/1
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1159813
- https://bugzilla.redhat.com/show_bug.cgi?id=1159812
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8321
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/aircrack-ng
- canonical/aircrack-ng
- version/aircrack-ng/1.1
- version/aircrack-ng/1.2-beta1
- version/aircrack-ng/1.2-beta2
- version/aircrack-ng/1.2-beta3