Bug 582416 (CVE-2010-1159) - CVE-2010-1159 aircrack-ng: remote denial of service
Summary: CVE-2010-1159 aircrack-ng: remote denial of service
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2010-1159
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 582417
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-04-14 20:46 UTC by Vincent Danen
Modified: 2019-09-29 12:36 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-06-15 22:46:44 UTC
Embargoed:

Attachments (Terms of Use)

Description Vincent Danen 2010-04-14 20:46:39 UTC 
A Debian bug report [1] notes an exploit for a security vulnerability in aircrack-ng has been published [2].  It also notes fixes in upstream SVN are available [3], [4].

As aircrack-ng is shipped in Fedora, this would affect Fedora 11, 12, 13, and rawhide.

This has been assigned CVE-2010-1159

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577758
[2] http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
[3] http://trac.aircrack-ng.org/changeset/1676
[4] http://trac.aircrack-ng.org/changeset/1683
Comment 1 Vincent Danen 2010-04-14 20:47:51 UTC 
Created aircrack-ng tracking bugs for this issue

Affects: fedora-all [bug 582417]
Comment 2 Till Maas 2010-05-29 13:41:48 UTC 
Some more references:

upstream says that this also needs http://trac.aircrack-ng.org/changeset/1687 to be fixed, but the discoverer of the vulnerability claims that the patches are insufficient:

bug 577654 comment 7

Upstream ticket:
http://trac.aircrack-ng.org/ticket/728#comment:3
Comment 3 Rakesh Pandit 2010-05-29 18:15:50 UTC 
Yes I had a detailed look few minutes back and seems this does not fix it all. Will have a look again on Tuesday.
Comment 4 Vincent Danen 2011-06-15 22:46:44 UTC 
This has been corrected in Fedora:

* Sat May 29 2010 Rakesh Pandit <rakesh> - 1.0-3
- CVE-2010-1159 aircrack-ng: remote denial of service, RH Bug #582416
Note You need to log in before you can comment on or make changes to this bug.