Bug 11402

Summary: aircrack-ng new security issue CVE-2010-1159
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, tmb
Version: 3Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/569660/
Whiteboard: MGA2TOO has_procedure mga2-32-ok mga2-64-ok mga3-32-ok mga3-64-ok
Source RPM: aircrack-ng-1.1-5.mga3.src.rpm CVE:
Status comment:

Description David Walser 2013-10-07 20:04:29 CEST 
Gentoo has issued an advisory today (October 7):
http://www.gentoo.org/security/en/glsa/glsa-201310-06.xml

Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Advisory:
========================

Updated aircrack-ng package fixes security vulnerability:

A buffer overflow vulnerability has been discovered in Aircrack-ng. A remote
attacker could entice a user to open a specially crafted dump file using
Aircrack-ng, possibly resulting in execution of arbitrary code with the
privileges of the process or a Denial of Service condition (CVE-2010-1159).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1159
http://www.gentoo.org/security/en/glsa/glsa-201310-06.xml
========================

Updated packages in core/updates_testing:
========================
aircrack-ng-1.1-4.1.mga2
aircrack-ng-1.1-5.1.mga3

from SRPMS:
aircrack-ng-1.1-4.1.mga2.src.rpm
aircrack-ng-1.1-5.1.mga3.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 claire robinson 2013-10-10 12:31:09 CEST 
PoC: https://bugs.gentoo.org/show_bug.cgi?id=311797

http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.cap
Should cause segfault with "airodump-ng -r aircrackng_exploit.cap"



Testing complete mga3 64

PoC doesn't segfault for me. Checked with airodump-ng, aircrack-ng and airdecap-ng.


Basic testing from the start of the tutorial here:
http://www.aircrack-ng.org/doku.php?id=injection_test

installing aircrack-ng-1.1-5.1.mga3.x86_64.rpm from /var/cache/urpmi/rpms                                                                   
Preparing...                     ##########################
      1/1: aircrack-ng           ##########################
[*] Downloading IEEE OUI file...
[*] Parsing OUI file...
[*] Airodump-ng OUI file successfully updated
      1/1: removing aircrack-ng-1.1-5.mga3.x86_64
                                 ##########################

# airmon-ng start wlan0

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID     Name
1254    ifplugd
24075   avahi-daemon
24078   avahi-daemon


Interface       Chipset         Driver

wlan0           Unknown         carl9170 - [phy0]
                                (monitor mode enabled on mon0)

# aireplay-ng -9 mon0
11:11:49  Trying broadcast probe requests...
11:11:50  No Answer...
11:11:50  Found 2 APs
..etc.

# airmon-ng stop wlan0


Interface       Chipset         Driver

mon0            Unknown         carl9170 - [phy0]
wlan0           Unknown         carl9170 - [phy0]
                                (monitor mode disabled)

]# airmon-ng stop mon0


Interface       Chipset         Driver

mon0            Unknown         carl9170 - [phy0] (removed)
wlan0           Unknown         carl9170 - [phy0]

Whiteboard: (none) => has_procedure mga3-64-ok

claire robinson 2013-10-10 12:37:09 CEST

Whiteboard: has_procedure mga3-64-ok => MGA2TOO has_procedure mga3-64-ok

Comment 2 claire robinson 2013-10-10 12:43:18 CEST 
Testing complete mga3 32

Whiteboard: MGA2TOO has_procedure mga3-64-ok => MGA2TOO has_procedure mga3-32-ok mga3-64-ok

Comment 3 claire robinson 2013-10-10 13:11:04 CEST 
Struggling to make my usb wifi available to virtualbox to test mga2, anybody with mga2 hardware able to test please?
Comment 4 Dave Hodgins 2013-10-10 21:00:44 CEST 
Advisory 11402.adv committed to svn

CC: (none) => davidwhodgins

Comment 5 claire robinson 2013-10-14 09:37:53 CEST 
Testing complete mga2 32 & 64

As comment 3, I was unable to test functionality mga2 64 in vbox but ensured the update installed OK.

Mga2 32 tested on real HW.
Comment 6 claire robinson 2013-10-14 09:39:16 CEST 
Validating. Advisory uploaded in comment 4.

Could sysadmin please push from 2&3 core/updates_testing to updates

Thanks!

Keywords: (none) => validated_update
Whiteboard: MGA2TOO has_procedure mga3-32-ok mga3-64-ok => MGA2TOO has_procedure mga2-32-ok mga2-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 7 Thomas Backlund 2013-10-17 22:04:06 CEST 
Update pushed:
http://advisories.mageia.org/MGASA-2013-0307.html

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED