Merge with 0.7-3 from Debian unstable (#SA24880)

Bug #108907 reported by André Klitzing
Affects | Status | Importance | Assigned to | Milestone
aircrack-ng (Debian) | Fix Released | Unknown | |
aircrack-ng (Ubuntu) | Fix Released | Undecided | Unassigned |
Edgy | Invalid | Undecided | Unassigned |
Feisty | Fix Released | Medium | Kees Cook |

Bug Description

Binary package hint: aircrack-ng

Ubuntu needs to merge with Debian unstable to fix a security issue.

 aircrack-ng (1:0.7-3) unstable; urgency=HIGH
   * Fix a remote exploitable buffer overflow in airodump-ng.
     See: Secunia #SA24880

Tags: merge


Changed in aircrack-ng:
status: Unconfirmed → Confirmed
Adrien Cunin (adri2000)
Changed in aircrack-ng:
assignee: nobody → motu-swat
Changed in aircrack-ng:
status: Unknown → Fix Released
Scott Kitterman (kitterman) wrote :

Gutsy already has 1:0.9-1, so this issue is resolved in the development release. Are the 0.6 versions in Edgy and Feisty affected by this bug?

Changed in aircrack-ng:
assignee: motu-swat → misery
André Klitzing (misery) wrote :

Yes, 0.6 is affected, too!
http://trac.aircrack-ng.org/ticket/167

Debian has a patch in etch for 0.6.2

Scott Kitterman (kitterman) wrote :

Investigating the source for Edgy/Feisty.

Changed in aircrack-ng:
assignee: misery → nobody
status: Confirmed → Fix Released
Changed in aircrack-ng:
status: Unconfirmed → Confirmed
assignee: nobody → kitterman
status: Unconfirmed → Rejected
Changed in aircrack-ng:
status: Rejected → Confirmed
status: Confirmed → In Progress
Scott Kitterman (kitterman) wrote :

Draft fix for Feisty. Tested that it builds, applies, and installs. I'm not in a position to test if it actually works.

Changed in aircrack-ng:
assignee: kitterman → nobody
status: In Progress → Confirmed
importance: Undecided → Medium
Scott Kitterman (kitterman) wrote :

Vulnerable patch not present in Edgy

Changed in aircrack-ng:
status: Confirmed → Rejected
Kees Cook (kees) wrote :

Looks good. I adjusted the changelog entry to conform more to the recommendation in the SecurityUpdateProcedures page and uploaded it:

aircrack-ng (1:0.6.2-7ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: remote buffer overflow in airodump.
  * Added 101-wepwedgie_vuln_fix.dpatch based on Debian Etch patch.
  * References
    CVE-2007-2057

 -- Scott Kitterman <email address hidden> Wed, 30 May 2007 16:20:52 -0400

Changed in aircrack-ng:
assignee: nobody → keescook
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.