CVE-2014-8321 - Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 R

CVE-2014-8321

Summary

Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors.

References

Vulnerable Configurations

cpe:2.3:a:aircrack-ng:aircrack-ng:0.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.2:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.2:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.3:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.3:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.2:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.3:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.4.4:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.5:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.5:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.6:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.6:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.7:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.7:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.8:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.8:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.9:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.9:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:beta1:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:beta2:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.0:rc4:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.1:*:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta1:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta1:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta2:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta2:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta3:*:*:*:*:*:*
cpe:2.3:a:aircrack-ng:aircrack-ng:1.2:beta3:*:*:*:*:*:*

CVSS

Base:	4.6 (as of 05-02-2020 - 20:30)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://aircrack-ng.blogspot.com/2014/10/aircrack-ng-12-release-candidate-1.html https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5/
misc	http://packetstormsecurity.com/files/128943/Aircrack-ng-1.2-Beta-3-DoS-Code-Execution.html https://exchange.xforce.ibmcloud.com/vulnerabilities/98458 https://github.com/aircrack-ng/aircrack-ng/pull/13

Last major update

05-02-2020 - 20:30

Published

31-01-2020 - 22:15

Last modified

05-02-2020 - 20:30