Vulnerability in WLAN hacking tool - from hunter to the hunted
Although researchers at the Technical University of Darmstadt may have delivered the coup de grace to WEP WLAN encryption with their recent report on rapid WEP cracking, users may now have the opportunity to repulse, or even strike back against, attacks. The Aircrack-ng collection of tools used for such attacks contains a vulnerability which allows an attacker's system to be taken out of action or brought under control.
Aircrack uses the airodump-ng tool to collect packets. A buffer overflow can occur in this tool when it reads specially prepared WLAN packets, and this can be exploited to inject and execute code. Exploitation requires, however, that the attacker running airodump-ng has switched on the logging function with the -w or --write option. A rudimentary exploit is already available which can, for instance, bind a shell to a network port on BackTrack 2.0, the latest release of the pen-tester tool collection. Aircrack-ng 0.7 and previous versions are affected. The bug is fixed in the repository source code of both the stable version and the developer version.
- Buffer overflow vulnerability has been found in airodump-ng, advisory on aircrack-ng.org