aircrack-ng remote buffer overflow vulnerability
aaron posted in Uncategorized on April 12th, 2007
It’s always a bit painfully sardonic when security tools are vulnerable to nasty remote execution bugs. It appears that aircrack-ng has a buffer overflow vulnerability in the latest version, and I don’t see a patch for it yet. A side effect of this is that wicrawl is potentially vulnerable as well through its aircrack-ng plugin. wicrawl currently uses the 0.6.1 release of aircrack, and I’m not sure if it is vulnerable or not. The best bet is to disable the aircrack plugin in the profile for now, until we can get an updated version from upstream. I haven’t verified the vulnerability yet (in either version), but it will be interesting to see what comes of this. If anyone sees a patch surface, post a comment, and I’ll apply it to the aircrack-plugin and release it for wicrawl.
Update: Oops, I forgot to link to the actual exploit in the original post.