A Debian bug report [1] notes an exploit for a security vulnerability in aircrack-ng has been published [2]. It also notes fixes in upstream SVN are available [3], [4]. As aircrack-ng is shipped in Fedora, this would affect Fedora 11, 12, 13, and rawhide. This has been assigned CVE-2010-1159 [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577758 [2] http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py [3] http://trac.aircrack-ng.org/changeset/1676 [4] http://trac.aircrack-ng.org/changeset/1683
Created aircrack-ng tracking bugs for this issue Affects: fedora-all [bug 582417]
Some more references: upstream says that this also needs http://trac.aircrack-ng.org/changeset/1687 to be fixed, but the discoverer of the vulnerability claims that the patches are insufficient: bug 577654 comment 7 Upstream ticket: http://trac.aircrack-ng.org/ticket/728#comment:3
Yes I had a detailed look few minutes back and seems this does not fix it all. Will have a look again on Tuesday.
This has been corrected in Fedora: * Sat May 29 2010 Rakesh Pandit <rakesh> - 1.0-3 - CVE-2010-1159 aircrack-ng: remote denial of service, RH Bug #582416