oss-sec mailing list archives

Re: CVE request: aircrack-ng EAPOL buffer overflow

From: Josh Bressers <bressers () redhat com>
Date: Wed, 14 Apr 2010 15:19:01 -0400 (EDT)

Please use CVE-2010-1159 for this.

Thanks.

-- 
    JB


----- "Florian Weimer" <fw () deneb enyo de> wrote:

An exploit for a security vulnerability in aircrack-ng has been
published:

| The tools' code responsible for parsing IEEE802.11-packets assumes
the
| self-proclaimed length of a EAPOL-packet to be correct and never to
exceed
| a (arbitrary) maximum size of 256 bytes for packets that are part of
the
| EAPOL-authentication. [...]

<http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py>

The fix seems to be fixed in r1676 and r1683:

  <http://trac.aircrack-ng.org/changeset/1676>
  <http://trac.aircrack-ng.org/changeset/1683>

Current thread:

CVE request: aircrack-ng EAPOL buffer overflow Florian Weimer (Apr 14)
- Re: CVE request: aircrack-ng EAPOL buffer overflow Josh Bressers (Apr 14)