Gentoo has issued an advisory today (October 7):
http://www.gentoo.org/security/en/glsa/glsa-201310-06.xml

Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.

Advisory:
========================

Updated aircrack-ng package fixes security vulnerability:

A buffer overflow vulnerability has been discovered in Aircrack-ng. A remote attacker could entice a user to open a specially crafted dump file using Aircrack-ng, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition (CVE-2010-1159).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1159
http://www.gentoo.org/security/en/glsa/glsa-201310-06.xml
========================

Updated packages in core/updates_testing:
========================
aircrack-ng-1.1-4.1.mga2
aircrack-ng-1.1-5.1.mga3

from SRPMS:
aircrack-ng-1.1-4.1.mga2.src.rpm
aircrack-ng-1.1-5.1.mga3.src.rpm
PoC:
https://bugs.gentoo.org/show_bug.cgi?id=311797
http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.cap

Should cause segfault with "airodump-ng -r aircrackng_exploit.cap"

Testing complete mga3 64

PoC doesn't segfault for me. Checked with airodump-ng, aircrack-ng and airdecap-ng.

Basic testing from the start of the tutorial here:
http://www.aircrack-ng.org/doku.php?id=injection_test

installing aircrack-ng-1.1-5.1.mga3.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... ##########################
1/1: aircrack-ng ##########################
[*] Downloading IEEE OUI file...
[*] Parsing OUI file...
[*] Airodump-ng OUI file successfully updated
1/1: removing aircrack-ng-1.1-5.mga3.x86_64 ##########################

# airmon-ng start wlan0

Found 3 processes that could cause trouble.
If airodump-ng, aireplay-ng or airtun-ng stops working after
a short period of time, you may want to kill (some of) them!

PID Name
1254 ifplugd
24075 avahi-daemon
24078 avahi-daemon

Interface Chipset Driver

wlan0 Unknown carl9170 - [phy0]
 (monitor mode enabled on mon0)

# aireplay-ng -9 mon0
11:11:49 Trying broadcast probe requests...
11:11:50 No Answer...
11:11:50 Found 2 APs
..etc.

# airmon-ng stop wlan0

Interface Chipset Driver

mon0 Unknown carl9170 - [phy0]
wlan0 Unknown carl9170 - [phy0]
 (monitor mode disabled)

]# airmon-ng stop mon0

Interface Chipset Driver

mon0 Unknown carl9170 - [phy0] (removed)
wlan0 Unknown carl9170 - [phy0]
Whiteboard: (none) => has_procedure mga3-64-ok
Whiteboard: has_procedure mga3-64-ok => MGA2TOO has_procedure mga3-64-ok
Testing complete mga3 32
Whiteboard: MGA2TOO has_procedure mga3-64-ok => MGA2TOO has_procedure mga3-32-ok mga3-64-ok
Struggling to make my usb wifi available to virtualbox to test mga2, anybody with mga2 hardware able to test please?
Advisory 11402.adv committed to svn
CC: (none) => davidwhodgins
Testing complete mga2 32 & 64

As comment 3, I was unable to test functionality mga2 64 in vbox but ensured the update installed OK. Mga2 32 tested on real HW.
Validating. Advisory uploaded in comment 4.

Could sysadmin please push from 2&3 core/updates_testing to updates

Thanks!
Keywords: (none) => validated_update
Whiteboard: MGA2TOO has_procedure mga3-32-ok mga3-64-ok => MGA2TOO has_procedure mga2-32-ok mga2-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGASA-2013-0307.html
Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED