stef-guest at alioth.debian.org
2007-May-17 09:43 UTC
[Secure-testing-commits] r5859 - in data/DTSA: . advs
Author: stef-guest Date: 2007-05-17 09:43:04 +0000 (Thu, 17 May 2007) New Revision: 5859 Added: data/DTSA/advs/33-wordpress.adv data/DTSA/advs/34-wordpress.adv data/DTSA/advs/35-aircrack-ng.adv Removed: data/DTSA/advs/33-aircrack-ng.adv Modified: data/DTSA/list Log: choose a really unique DTSA number for aircrack-ng Deleted: data/DTSA/advs/33-aircrack-ng.adv ==================================================================--- data/DTSA/advs/33-aircrack-ng.adv 2007-05-17 09:14:10 UTC (rev 5858) +++ data/DTSA/advs/33-aircrack-ng.adv 2007-05-17 09:43:04 UTC (rev 5859) @@ -1,15 +0,0 @@ -source: aircrack-ng -date: May 16th, 2007 -author: Stefan Fritsch -vuln-type: programming error -problem-scope: remote -debian-specifc: no -cve: CVE-2007-2057 -vendor-advisory: http://www.nop-art.net/advisories/airodump-ng.txt -testing-fix: 1:0.8-0.1lenny1 -sid-fix: 1:0.7-3 -upgrade: apt-get install aircrack-ng - -It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs -insufficient validation of 802.11 authentication packets, which allows the -execution of arbitrary code. Added: data/DTSA/advs/33-wordpress.adv ================================================================== Added: data/DTSA/advs/34-wordpress.adv ================================================================== Copied: data/DTSA/advs/35-aircrack-ng.adv (from rev 5857, data/DTSA/advs/33-aircrack-ng.adv) ==================================================================--- data/DTSA/advs/35-aircrack-ng.adv (rev 0) +++ data/DTSA/advs/35-aircrack-ng.adv 2007-05-17 09:43:04 UTC (rev 5859) @@ -0,0 +1,15 @@ +source: aircrack-ng +date: May 16th, 2007 +author: Stefan Fritsch +vuln-type: programming error +problem-scope: remote +debian-specifc: no +cve: CVE-2007-2057 +vendor-advisory: http://www.nop-art.net/advisories/airodump-ng.txt +testing-fix: 1:0.8-0.1lenny1 +sid-fix: 1:0.7-3 +upgrade: apt-get install aircrack-ng + +It was discovered that aircrack-ng, a WEP/WPA security analysis tool, performs +insufficient validation of 802.11 authentication packets, which allows the +execution of arbitrary code. Modified: data/DTSA/list ==================================================================--- data/DTSA/list 2007-05-17 09:14:10 UTC (rev 5858) +++ data/DTSA/list 2007-05-17 09:43:04 UTC (rev 5859) @@ -92,7 +92,7 @@ [March 3rd, 2007] DTSA-34-1 wordpress - cross-site scripting {CVE-2007-1049 } [etch] - wordpress 2.0.9-1 -[May 16th, 2007] DTSA-33-1 aircrack-ng - programming error +[May 16th, 2007] DTSA-35-1 aircrack-ng - programming error {CVE-2007-2057 } - - aircrack-ng 1:0.8-0.1lenny1 + [lenny] - aircrack-ng 1:0.8-0.1lenny1 TODO: unreleased