VAR-201310-0002
Vulnerability from variot - Updated: 2023-12-18 13:34Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet. Aircrack-ng is a wireless crack attack tool. Aircrack-ng handles EAPOL messages with boundary errors. When a specially constructed wireless message is submitted to aircrack-ng or airedump-ng is used to open a specially constructed message capture file, a heap-based buffer overflow can be triggered. Successful exploitation of a vulnerability can execute arbitrary instructions with application privileges. Aircrack-ng is prone to a buffer-overflow vulnerability. Failed attacks will likely cause denial-of-service conditions. ----------------------------------------------------------------------
Secunia CSI + Microsoft SCCM
= Extensive Patch Management
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
TITLE: Aircrack-ng EAPOL Parsing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID: SA39150
VERIFY ADVISORY: http://secunia.com/advisories/39150/
DESCRIPTION: Lukas Lueg has reported a vulnerability in Aircrack-ng, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to a boundary error in the processing of EAPOL packets. This can be exploited to cause a heap-based buffer overflow via e.g.
SOLUTION: Do not process untrusted data using the Aircrack-ng tools.
PROVIDED AND/OR DISCOVERED BY: Lukas Lueg
ORIGINAL ADVISORY: http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201310-06
http://security.gentoo.org/
Severity: Normal Title: Aircrack-ng: User-assisted execution of arbitrary code Date: October 07, 2013 Bugs: #311797 ID: 201310-06
Synopsis
A buffer overflow vulnerability in Aircrack-ng could result in execution of arbitrary code or Denial of Service.
Background
Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-wireless/aircrack-ng < 1.1-r2 >= 1.1-r2
Description
A buffer overflow vulnerability has been discovered in Aircrack-ng.
Workaround
There is no known workaround at this time.
Resolution
All Aircrack-ng users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=net-wireless/aircrack-ng-1.1-r2"
References
[ 1 ] CVE-2010-1159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1159
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201310-06.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 .
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1159 http://advisories.mageia.org/MGASA-2013-0307.html
Updated Packages:
Mandriva Business Server 1/X86_64: 746eb2a4209b308b4a8fd77518f540e1 mbs1/x86_64/aircrack-ng-1.1-5.1.mbs1.x86_64.rpm df9505748ad1c627a1ee101bc478ab33 mbs1/SRPMS/aircrack-ng-1.1-5.1.mbs1.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/en/support/security/advisories/
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux)
iD8DBQFSYNQAmqjQ0CJFipgRAtfPAKCcTsBxz3mP0w8xnyUicJdv7FBVVwCg7VQu S4oGoEhYNfQCG/SkLo8CEeA= =nq84 -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201310-0002",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.4,
"vendor": "aircrack ng",
"version": "1.0"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.1"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.2"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.2.1"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.3"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.4"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.4.1"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.4.2"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.4.3"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.4.4"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.5"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.6"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.6.1"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.6.2"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.7"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.8"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.9"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.9.1"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.9.2"
},
{
"model": "aircrack-ng",
"scope": "eq",
"trust": 1.1,
"vendor": "aircrack ng",
"version": "0.9.3"
},
{
"model": "linux",
"scope": "eq",
"trust": 1.1,
"vendor": "gentoo",
"version": "*"
},
{
"model": "aircrack-ng",
"scope": "lte",
"trust": 1.0,
"vendor": "aircrack ng",
"version": "1.0"
},
{
"model": "linux",
"scope": null,
"trust": 0.9,
"vendor": "gentoo",
"version": null
},
{
"model": "aircrack-ng",
"scope": "lt",
"trust": 0.8,
"vendor": "aircrack ng",
"version": "1.1"
},
{
"model": "gentoo linux",
"scope": "lt",
"trust": 0.8,
"vendor": "gentoo linux",
"version": "1.1-r2"
},
{
"model": null,
"scope": null,
"trust": 0.6,
"vendor": "no",
"version": null
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0470"
},
{
"db": "VULMON",
"id": "CVE-2010-1159"
},
{
"db": "BID",
"id": "39045"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005653"
},
{
"db": "NVD",
"id": "CVE-2010-1159"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc4:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc3:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:beta1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.6.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:beta2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.6.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:aircrack-ng:aircrack-ng:0.2.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1159"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Lukas Lueg",
"sources": [
{
"db": "BID",
"id": "39045"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
],
"trust": 0.9
},
"cve": "CVE-2010-1159",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 6.8,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2010-1159",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2010-1159",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201310-560",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2010-1159",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1159"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005653"
},
{
"db": "NVD",
"id": "CVE-2010-1159"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet. Aircrack-ng is a wireless crack attack tool. Aircrack-ng handles EAPOL messages with boundary errors. When a specially constructed wireless message is submitted to aircrack-ng or airedump-ng is used to open a specially constructed message capture file, a heap-based buffer overflow can be triggered. Successful exploitation of a vulnerability can execute arbitrary instructions with application privileges. Aircrack-ng is prone to a buffer-overflow vulnerability. Failed attacks will likely cause denial-of-service conditions. ----------------------------------------------------------------------\n\n\n Secunia CSI\n+ Microsoft SCCM\n-----------------------\n= Extensive Patch Management\n\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAircrack-ng EAPOL Parsing Buffer Overflow Vulnerability\n\nSECUNIA ADVISORY ID:\nSA39150\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/39150/\n\nDESCRIPTION:\nLukas Lueg has reported a vulnerability in Aircrack-ng, which can be\nexploited by malicious people to potentially compromise a user\u0027s\nsystem. \n\nThe vulnerability is caused due to a boundary error in the processing\nof EAPOL packets. This can be exploited to cause a heap-based buffer\noverflow via e.g. \n\nSOLUTION:\nDo not process untrusted data using the Aircrack-ng tools. \n\nPROVIDED AND/OR DISCOVERED BY:\nLukas Lueg\n\nORIGINAL ADVISORY:\nhttp://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201310-06\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Aircrack-ng: User-assisted execution of arbitrary code\n Date: October 07, 2013\n Bugs: #311797\n ID: 201310-06\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA buffer overflow vulnerability in Aircrack-ng could result in\nexecution of arbitrary code or Denial of Service. \n\nBackground\n==========\n\nAircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can\nrecover keys once enough data packets have been captured. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-wireless/aircrack-ng\n \u003c 1.1-r2 \u003e= 1.1-r2\n\nDescription\n===========\n\nA buffer overflow vulnerability has been discovered in Aircrack-ng. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Aircrack-ng users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=net-wireless/aircrack-ng-1.1-r2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-1159\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1159\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201310-06.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2013 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1159\n http://advisories.mageia.org/MGASA-2013-0307.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 1/X86_64:\n 746eb2a4209b308b4a8fd77518f540e1 mbs1/x86_64/aircrack-ng-1.1-5.1.mbs1.x86_64.rpm \n df9505748ad1c627a1ee101bc478ab33 mbs1/SRPMS/aircrack-ng-1.1-5.1.mbs1.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security. You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n http://www.mandriva.com/en/support/security/advisories/\n\n If you want to report vulnerabilities, please contact\n\n security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID Date User ID\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\n \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.12 (GNU/Linux)\n\niD8DBQFSYNQAmqjQ0CJFipgRAtfPAKCcTsBxz3mP0w8xnyUicJdv7FBVVwCg7VQu\nS4oGoEhYNfQCG/SkLo8CEeA=\n=nq84\n-----END PGP SIGNATURE-----\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2010-1159"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005653"
},
{
"db": "CNVD",
"id": "CNVD-2010-0470"
},
{
"db": "BID",
"id": "39045"
},
{
"db": "VULMON",
"id": "CVE-2010-1159"
},
{
"db": "PACKETSTORM",
"id": "87821"
},
{
"db": "PACKETSTORM",
"id": "123518"
},
{
"db": "PACKETSTORM",
"id": "123676"
}
],
"trust": 2.79
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=12217",
"trust": 0.1,
"type": "exploit"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1159"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2010-1159",
"trust": 3.0
},
{
"db": "SECUNIA",
"id": "39150",
"trust": 2.4
},
{
"db": "SECUNIA",
"id": "55053",
"trust": 1.7
},
{
"db": "BID",
"id": "39045",
"trust": 1.0
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005653",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2010-0470",
"trust": 0.6
},
{
"db": "GENTOO",
"id": "GLSA-201310-06",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-201310-560",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "12217",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2010-1159",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "87821",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123518",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "123676",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0470"
},
{
"db": "VULMON",
"id": "CVE-2010-1159"
},
{
"db": "BID",
"id": "39045"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005653"
},
{
"db": "PACKETSTORM",
"id": "87821"
},
{
"db": "PACKETSTORM",
"id": "123518"
},
{
"db": "PACKETSTORM",
"id": "123676"
},
{
"db": "NVD",
"id": "CVE-2010-1159"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
]
},
"id": "VAR-201310-0002",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0470"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0470"
}
]
},
"last_update_date": "2023-12-18T13:34:44.820000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "ChangeLog",
"trust": 0.8,
"url": "http://svn.aircrack-ng.org/trunk/changelog"
},
{
"title": "GLSA 201310-06",
"trust": 0.8,
"url": "http://www.gentoo.org/security/en/glsa/glsa-201310-06.xml"
},
{
"title": "LinuxFlaw",
"trust": 0.1,
"url": "https://github.com/mudongliang/linuxflaw "
},
{
"title": "cve-",
"trust": 0.1,
"url": "https://github.com/oneoy/cve- "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2010-1159"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005653"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-119",
"trust": 1.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2010-005653"
},
{
"db": "NVD",
"id": "CVE-2010-1159"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py"
},
{
"trust": 1.8,
"url": "http://security.gentoo.org/glsa/glsa-201310-06.xml"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/39150"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/55053"
},
{
"trust": 1.7,
"url": "http://svn.aircrack-ng.org/trunk/changelog"
},
{
"trust": 0.9,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-1159"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-1159"
},
{
"trust": 0.7,
"url": "http://secunia.com/advisories/39150/"
},
{
"trust": 0.7,
"url": "http://www.securityfocus.com/bid/39045"
},
{
"trust": 0.3,
"url": "http://www.aircrack-ng.org/"
},
{
"trust": 0.3,
"url": "http://pyrit.wordpress.com/2010/03/31/aircrack-ng-still-vulnerable/"
},
{
"trust": 0.3,
"url": "http://trac.aircrack-ng.org/changeset/1676"
},
{
"trust": 0.3,
"url": "http://trac.aircrack-ng.org/changeset/1683"
},
{
"trust": 0.3,
"url": "http://aircrack-ng.blogspot.com/2010/04/monthly-news-april-2010.html"
},
{
"trust": 0.3,
"url": "http://pyrit.wordpress.com/2010/03/28/remote-exploit-against-aircrack-ng/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2010-1159"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/119.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://www.exploit-db.com/exploits/12217/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/about_secunia_advisories/"
},
{
"trust": 0.1,
"url": "http://creativecommons.org/licenses/by-sa/2.5"
},
{
"trust": 0.1,
"url": "http://security.gentoo.org/"
},
{
"trust": 0.1,
"url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-1159"
},
{
"trust": 0.1,
"url": "https://bugs.gentoo.org."
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/"
},
{
"trust": 0.1,
"url": "http://www.mandriva.com/en/support/security/advisories/"
},
{
"trust": 0.1,
"url": "http://advisories.mageia.org/mgasa-2013-0307.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2010-0470"
},
{
"db": "VULMON",
"id": "CVE-2010-1159"
},
{
"db": "BID",
"id": "39045"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005653"
},
{
"db": "PACKETSTORM",
"id": "87821"
},
{
"db": "PACKETSTORM",
"id": "123518"
},
{
"db": "PACKETSTORM",
"id": "123676"
},
{
"db": "NVD",
"id": "CVE-2010-1159"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2010-0470"
},
{
"db": "VULMON",
"id": "CVE-2010-1159"
},
{
"db": "BID",
"id": "39045"
},
{
"db": "JVNDB",
"id": "JVNDB-2010-005653"
},
{
"db": "PACKETSTORM",
"id": "87821"
},
{
"db": "PACKETSTORM",
"id": "123518"
},
{
"db": "PACKETSTORM",
"id": "123676"
},
{
"db": "NVD",
"id": "CVE-2010-1159"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0470"
},
{
"date": "2013-10-28T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1159"
},
{
"date": "2010-03-27T00:00:00",
"db": "BID",
"id": "39045"
},
{
"date": "2013-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005653"
},
{
"date": "2010-03-30T05:50:49",
"db": "PACKETSTORM",
"id": "87821"
},
{
"date": "2013-10-07T22:30:09",
"db": "PACKETSTORM",
"id": "123518"
},
{
"date": "2013-10-18T20:10:32",
"db": "PACKETSTORM",
"id": "123676"
},
{
"date": "2013-10-28T22:55:03.227000",
"db": "NVD",
"id": "CVE-2010-1159"
},
{
"date": "2010-03-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2010-03-30T00:00:00",
"db": "CNVD",
"id": "CNVD-2010-0470"
},
{
"date": "2013-10-29T00:00:00",
"db": "VULMON",
"id": "CVE-2010-1159"
},
{
"date": "2013-10-21T01:07:00",
"db": "BID",
"id": "39045"
},
{
"date": "2013-10-30T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2010-005653"
},
{
"date": "2013-10-29T20:53:40.617000",
"db": "NVD",
"id": "CVE-2010-1159"
},
{
"date": "2013-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "PACKETSTORM",
"id": "123676"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
],
"trust": 0.7
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Aircrack-ng EAPOL Packet Processing Buffer Overflow Vulnerability",
"sources": [
{
"db": "BID",
"id": "39045"
},
{
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
],
"trust": 0.9
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer overflow",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201310-560"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…