The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Aircrack-ng: buffer overflow of airodump-ng

Synthesis of the vulnerability 

An attacker can send a long 802.11 authentication packet in order to execute code in airodump-ng.
Vulnerable software: Debian, Unix (platform) ~ not comprehensive.
Severity of this announce: 2/4.
Creation date: 25/04/2007.
Références of this computer vulnerability: BID-23467, CERTA-2002-AVI-088, CVE-2007-2057, DSA-1280-1, VIGILANCE-VUL-6763, VU#349828.

Description of the vulnerability 

The Aircrack-ng suite permits to conduct attacks against 802.11 WEP and WPA-PSK keys.

The airodump-ng program captures packets. The "-w" or "--write" option indicates prefix of capture files.

When airodump-ng uses this option, it stores captured authentication packets in a fixed size array. However, size of packets is not checked, which leads to an overflow.

An attacker can therefore send a long 802.11 authentication packet in order to execute code in airodump-ng.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer vulnerability note impacts software or systems such as Debian, Unix (platform) ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer vulnerability announce is medium.

The trust level is of type confirmed by the editor, with an origin of LAN.

A proof of concept or an attack tool is available, so your teams have to process this alert. An attacker with a technician ability can exploit this cybersecurity announce.

Solutions for this threat 

Aircrack-ng: version 0.8.
Version 0.8 is corrected:
  http://www.aircrack-ng.org/

Debian: new aircrack-ng packages.
New packages are available:
  AMD64 architecture:
    http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_amd64.deb
      Size/MD5 checksum: 190972 12cb6f920db553bb1a76d1f4dc36bad2
  Intel IA-32 architecture:
    http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_i386.deb
      Size/MD5 checksum: 192166 2be2b95c98f9de66886765c18335f9b9
  Intel IA-64 architecture:
    http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_ia64.deb
      Size/MD5 checksum: 268668 bc4ac4de85d212913cfb267c6472ed65
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides networks vulnerabilities patches. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.