Vulnerability Name:

CVE-2010-1159 (CCN-57453)

Assigned: 2010-03-30
Published: 2010-03-30
Updated: 2013-10-29
Summary: Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.
CVSS v3 Severity: 6.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
  Exploitability Metrics:
    Attack Vector (AV): Adjacent
    Attack Complexity (AC): Low
    Privileges Required (PR): None
    User Interaction (UI): None
  Scope:
    Scope (S): Unchanged
  Impact Metrics:
    Confidentiality (C): Low
    Integrity (I): Low
    Availability (A): Low
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
  5.5 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:TF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
  5.4 Medium (CCN CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P)
  4.4 Medium (CCN Temporal CVSS v2 Vector: AV:A/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:TF/RC:C)
  Exploitability Metrics:
    Access Vector (AV): Adjacent_Network
    Access Complexity (AC): Medium
    Authentication (Au): None
  Impact Metrics:
    Confidentiality (C): Partial
    Integrity (I): Partial
    Availability (A): Partial
Vulnerability Type: CWE-119
Vulnerability Consequences: Gain Access
References:
Source: MITRE
Type: CNA
CVE-2010-1159

Source: CCN
Type: pyrit.googlecode.com
A remote-exploit against the aircrack-ng tools

Source: MISC
Type: UNKNOWN
http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py

Source: CCN
Type: SA39150
Aircrack-ng EAPOL Parsing Buffer Overflow Vulnerability

Source: SECUNIA
Type: Vendor Advisory
39150

Source: SECUNIA
Type: Vendor Advisory
55053

Source: GENTOO
Type: Vendor Advisory
GLSA-201310-06

Source: CONFIRM
Type: UNKNOWN
http://svn.aircrack-ng.org/trunk/ChangeLog

Source: CCN
Type: Aircrack-ng Changeset 1676
Fixed buffer overflow discovered by ebfe

Source: CCN
Type: Aircrack-ng Web site
Aircrack-ng

Source: CCN
Type: OSVDB ID: 63314
aircrack-ng Crafted EAPOL Packet Handling Overflow

Source: CCN
Type: BID-39045
Aircrack-ng EAPOL Packet Processing Buffer Overflow Vulnerability

Source: XF
Type: UNKNOWN
aircrackng-eapol-bo(57453)

Vulnerable Configuration:
Configuration 1:
  • cpe:/a:aircrack-ng:aircrack-ng:0.1:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.2:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.2.1:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.3:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.4:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.5:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.6:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.6.1:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.6.2:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.7:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.8:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.9:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.9.1:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.9.2:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:0.9.3:*:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:*:*:*:*:*:*:*:* (Version <= 1.0)
  • OR cpe:/a:aircrack-ng:aircrack-ng:1.0:beta1:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:1.0:beta2:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:1.0:rc1:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:1.0:rc2:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:1.0:rc3:*:*:*:*:*:*
  • OR cpe:/a:aircrack-ng:aircrack-ng:1.0:rc4:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:aircrack-ng:aircrack-ng:1.0:*:*:*:*:*:*:*

* Denotes that component is vulnerable
    aircrack-ng aircrack-ng 0.1
    aircrack-ng aircrack-ng 0.2
    aircrack-ng aircrack-ng 0.2.1
    aircrack-ng aircrack-ng 0.3
    aircrack-ng aircrack-ng 0.4
    aircrack-ng aircrack-ng 0.4.1
    aircrack-ng aircrack-ng 0.4.2
    aircrack-ng aircrack-ng 0.4.3
    aircrack-ng aircrack-ng 0.4.4
    aircrack-ng aircrack-ng 0.5
    aircrack-ng aircrack-ng 0.6
    aircrack-ng aircrack-ng 0.6.1
    aircrack-ng aircrack-ng 0.6.2
    aircrack-ng aircrack-ng 0.7
    aircrack-ng aircrack-ng 0.8
    aircrack-ng aircrack-ng 0.9
    aircrack-ng aircrack-ng 0.9.1
    aircrack-ng aircrack-ng 0.9.2
    aircrack-ng aircrack-ng 0.9.3
    aircrack-ng aircrack-ng *
    aircrack-ng aircrack-ng 1.0 beta1
    aircrack-ng aircrack-ng 1.0 beta2
    aircrack-ng aircrack-ng 1.0 rc1
    aircrack-ng aircrack-ng 1.0 rc2
    aircrack-ng aircrack-ng 1.0 rc3
    aircrack-ng aircrack-ng 1.0 rc4
    gentoo linux *
    aircrack-ng aircrack-ng 1.0