Bug 582416 - (CVE-2010-1159) CVE-2010-1159 aircrack-ng: remote denial of service
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
public=20100327,reported=20100414,sou...
Keywords: Security
Depends On: 582417
Reported: 2010-04-14 16:46 EDT by Vincent Danen
Modified: 2011-06-15 18:46 EDT
Doc Type: Bug Fix
Last Closed: 2011-06-15 18:46:44 EDT
Description Vincent Danen 2010-04-14 16:46:39 EDT
A Debian bug report [1] notes an exploit for a security vulnerability in aircrack-ng has been published [2].  It also notes fixes in upstream SVN are available [3], [4].

As aircrack-ng is shipped in Fedora, this would affect Fedora 11, 12, 13, and rawhide.

This has been assigned CVE-2010-1159.

[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577758
[2] http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
[3] http://trac.aircrack-ng.org/changeset/1676
[4] http://trac.aircrack-ng.org/changeset/1683
Comment 1 Vincent Danen 2010-04-14 16:47:51 EDT
Created aircrack-ng tracking bugs for this issue

Affects: fedora-all [bug 582417]
Comment 2 Till Maas 2010-05-29 09:41:48 EDT
Some more references:

Upstream says that this also needs http://trac.aircrack-ng.org/changeset/1687 to be fixed, but the discoverer of the vulnerability claims that the patches are insufficient:

bug 577654 comment 7

Upstream ticket:
http://trac.aircrack-ng.org/ticket/728#comment:3
Comment 3 Rakesh Pandit 2010-05-29 14:15:50 EDT
Yes, I had a detailed look a few minutes back and it seems this does not fix it all. Will have a look again on Tuesday.
Comment 4 Vincent Danen 2011-06-15 18:46:44 EDT
This has been corrected in Fedora:

* Sat May 29 2010 Rakesh Pandit <rakesh@fedoraproject.org> - 1.0-3
- CVE-2010-1159 aircrack-ng: remote denial of service, RH Bug #582416
