Arch Linux Security Advisory ASA-201411-2
========================================
Severity: Critical
Date    : 2014-11-03
CVE-ID  : CVE-2014-8321, CVE-2014-8322, CVE-2014-8323, CVE-2014-8324
Package : aircrack-ng
Type    : multiple vulnerabilities
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE-2014

Summary
======
The package aircrack-ng before version 1.2rc1-1 is vulnerable to
multiple security issues which may result in remote/local code
execution, privilege escalation and denial of service.

Resolution
=========
Upgrade to 1.2rc1-1.

# pacman -Syu "aircrack-ng>=1.2rc1-1"

The problem has been fixed upstream in version 1.2rc1.

Workaround
=========
None.

Description
==========
Nick Sampanis discovered the following vulnerabilities:

- CVE-2014-8321 (code execution and privilege escalation)
A stack overflow at airodump-ng gps_tracker() which may lead to code
execution and privilege escalation.

- CVE-2014-8322 (remote code execution)
A length parameter inconsistency at aireplay tcp_test() which may lead
to remote code execution.

- CVE-2014-8323 (denial of service)
A missing check for data format at buddy-ng which may lead to denial of
service.

- CVE-2014-8324 (denial of service)
A missing check for invalid values at airserv-ng net_get() which may
lead to denial of service.

Impact
=====
A remote attacker in an adjacent network is able to perform code
execution, privilege escalation and denial of service via multiple
vulnerabilities.

References
=========
https://access.redhat.com/security/cve/CVE-2014-8321
https://access.redhat.com/security/cve/CVE-2014-8322
https://access.redhat.com/security/cve/CVE-2014-8323
https://access.redhat.com/security/cve/CVE-2014-8324
https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd
https://github.com/aircrack-ng/aircrack-ng/commit/091b153f2
https://github.com/aircrack-ng/aircrack-ng/commit/da0872389
https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce