November 24th, 2014

aircrack-ng remote buffer overflow vulnerability

It’s always a bit painfully sardonic when security tools are vulnerable to nasty remote execution bugs. It appears that aircrack-ng has a buffer overflow vulnerability in the latest version, and I don’t see a patch for it yet. A side effect of this is that wicrawl is potentially vulnerable as well through its aircrack-ng plugin. wicrawl currently uses the 0.6.1 release of aircrack, and I’m not sure if it is vulnerable or not. The best bet is to disable the aircrack plugin in the profile for now, until we can get an updated version from upstream. I haven’t verified the vulnerability yet (in either version), but it will be interesting to see what comes of this. If anyone sees a patch surface, post a comment, and I’ll apply it to the aircrack-plugin and release it for wicrawl.

Update: Oops, I forgot to link to the actual exploit in the original post.

Leave a Response

Imhotep theme designed by Chris Lin. Proudly powered by Wordpress.
XHTML | CSS | RSS | Comments RSS