Aircrack-ng 1.2 Beta 3 DoS / Code Execution

Aircrack-ng 1.2 Beta 3 DoS / Code Execution: Posted Nov 3, 2014; Authored by Nick Sampanis; Aircrack-ng version 1.2 Beta 3 suffers from code execution, denial of service, and privilege escalation vulnerabilities.; tags | advisory, denial of service, overflow, vulnerability, code execution; advisories | CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324; SHA-256 | f3e7c8a63cbec61d5c78827efb02d49d9d05689624c2f7561f5febd98b07fd60; Download | Favorite | View

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

"Aircrack-ng 1.2 Beta 3" multiple vulnerabilities
 
Description:
--------------------------------  
Four vulnerabilities exist on aircrack-ng <= 1.2 Beta 3 which allow remote/local code execution, privilege escalation and denial of service. Specifically, the following vulnerabilities were identified:
 
  -   A stack overflow at airodump-ng gps_tracker() which may lead to
code execution, privilege escalation.
  -   A length parameter inconsistency at aireplay tcp_test() which may
lead to remote code execution.
  -   A missing check for data format at buddy-ng which may lead to
denial of service.
  -   A missing check for invalid values at airserv-ng net_get() which
may lead to denial of service.
 
 
Researcher:
---------------------------------  
Nick Sampanis (n.sampanis[a t]obrela[do t]com)
 
 
Vulnerabilities:
----------------------------------
gps_tracer stack overflow  CVE-2014-8321
tcp_test length parameter inconsistency CVE-2014-8322
buddy-ng missing check  in data format CVE-2014-8323
net_get missing check for invalid values CVE-2014-8324
 
 
Bugs and fixes submit date:
-----------------------------------
3/10/2014
 
 
Impact:
-----------------------------------
CVE-2014-8321: Severity: High AV: Local Impact type: Code execution/Privilege escalation
CVE-2014-8322: Severity: Critical AV: Remote Impact type: Code execution
CVE-2014-8323: Severity: High AV: Remote Impact type: Denial of service
CVE-2014-8324: Severity: High AV: Remote Impact type: Denial of service

Solution - fix & patch:
------------------------------------
Kali linux(and maybe some other distros) use to distribute aircrack-ng package
without stack cookie protection which makes CVE-2014-8322 easily exploitable.
The new package with stack cookie protection enabled is called debian/1.2-beta3-0kali3.

Download the respective commits from github. Soon a new version
will be released but at the time there is no patched version.
 
https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5
https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b
https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70
https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e

Reference:
------------------------------------
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1401/

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 61 files
Debian 20 files
LiquidWorm 20 files
Apple 9 files
indoushka 5 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,160)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,842)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,249)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,975)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

Share This

Aircrack-ng 1.2 Beta 3 DoS / Code Execution

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems