CVE-2010-1159

Published: 28 October 2013

Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.

Priority

Medium

Status

Package Release Status
aircrack-ng
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(1:1.1-3)
Patches:
Upstream: http://trac.aircrack-ng.org/changeset/1676
Upstream: http://trac.aircrack-ng.org/changeset/1683
Upstream: http://trac.aircrack-ng.org/changeset/1687
Upstream: http://trac.aircrack-ng.org/changeset/1699
Upstream: http://trac.aircrack-ng.org/changeset/1701
Upstream: http://trac.aircrack-ng.org/changeset/1702