Debian Security Advisory
DSA-1280-1 aircrack-ng -- buffer overflow
- Date Reported:
- 24 Apr 2007
- Affected Packages:
- aircrack-ng
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2007-2057.
- More information:
-
It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs insufficient validation of 802.11 authentication packets, which allows the execution of arbitrary code.
The oldstable distribution (sarge) doesn't contain aircrack-ng packages.
For the stable distribution (etch) this problem has been fixed in version 0.6.2-7etch1.
For the unstable distribution (sid) this problem has been fixed in version 0.7-3.
We recommend that you upgrade your aircrack-ng packages. Packages for the arm, sparc, mips and mipsel architectures are not yet available. They will be provided later.
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1.dsc
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1.diff.gz
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack_0.6.2-7etch1_all.deb
- Alpha:
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_amd64.deb
- HPPA:
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_ia64.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/a/aircrack-ng/aircrack-ng_0.6.2-7etch1_s390.deb
MD5 checksums of the listed files are available in the original advisory.