[oss-security] CVE request: aircrack-ng EAPOL buffer overflow

An exploit for a security vulnerability in aircrack-ng has been
published:

| The tools' code responsible for parsing IEEE802.11-packets assumes the
| self-proclaimed length of a EAPOL-packet to be correct and never to exceed
| a (arbitrary) maximum size of 256 bytes for packets that are part of the
| EAPOL-authentication. [...]

<http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py>

The fix seems to be fixed in r1676 and r1683:

  <http://trac.aircrack-ng.org/changeset/1676>
  <http://trac.aircrack-ng.org/changeset/1683>

• This message: [ Message body ]
• Next message: Josh Bressers: "Re: [oss-security] CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)"
• Previous message: Eugene Teo: "[oss-security] Couple of kernel issues"
• Next in thread: Josh Bressers: "Re: [oss-security] CVE request: aircrack-ng EAPOL buffer overflow"
• Reply: Josh Bressers: "Re: [oss-security] CVE request: aircrack-ng EAPOL buffer overflow"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]