Aircrack-ng: User-assisted execution of arbitrary code — GLSA 201411-08

Multiple vulnerabilities have been found in Aircrack-ng, possibly resulting in local privilege escalation, remote code execution, or Denial of Service.

Affected packages

net-wireless/aircrack-ng on all architectures
Affected versions < 1.2_rc1
Unaffected versions >= 1.2_rc1

Background

Aircrack-ng is an 802.11 WEP and WPA-PSK keys cracking program that can recover keys once enough data packets have been captured.

Description

Multiple vulnerabilities have been discovered in Aircrack-ng. Please review the CVE identifiers referenced below for details.

Impact

A local attacker can use this flaw to execute arbitrary code or gain escalated privileges. A remote attacker execute arbitrary code with the privileges of the process or a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Aircrack-ng users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=net-wireless/aircrack-ng-1.2_rc1"
 

References

Release date
November 23, 2014

Latest revision
November 23, 2014: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries