
Thread: Buffer Overflow in aircrack-ng 1.2 RC 4 with Kali weekly build

  1. #1 (Join Date: 2017-Aug, Posts: 4)

    Buffer Overflow in aircrack-ng 1.2 RC 4 with Kali weekly build

    Hello,

    After running airodump-ng to try to detect a handshake, I'm receiving a buffer overflow after about four minutes. I'm using the latest Kali Linux 4.9.0-kali4-amd64 live weekly build. Anyone else experiencing this issue?

    Here's more information:

    *** buffer overflow detected ***: airodump-ng terminated
    ======= Backtrace: =========
    /lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7f572a8c4bcb]
    /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f572a94d1b7]
    /lib/x86_64-linux-gnu/libc.so.6(+0xf72f0)[0x7f572a94b2f0]
    /lib/x86_64-linux-gnu/libc.so.6(+0xf912a)[0x7f572a94d12a]
    airodump-ng(+0x4ad5)[0x5566995fcad5]
    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f572a8742b1]
    airodump-ng(+0x5a5a)[0x5566995fda5a]
    ======= Memory map: ========
    5566995f8000-55669961f000 r-xp 00000000 00:16 140292 /usr/sbin/airodump-ng
    55669981e000-55669981f000 r--p 00026000 00:16 140292 /usr/sbin/airodump-ng
    55669981f000-556699820000 rw-p 00027000 00:16 140292 /usr/sbin/airodump-ng
    556699820000-556699846000 rw-p 00000000 00:00 0
    55669b61a000-55669b9bd000 rw-p 00000000 00:00 0 [heap]
    7f5724000000-7f5724021000 rw-p 00000000 00:00 0
    7f5724021000-7f5728000000 ---p 00000000 00:00 0
    7f5729923000-7f5729939000 r-xp 00000000 07:00 9753 /lib/x86_64-linux-gnu/libgcc_s.so.1
    7f5729939000-7f5729b38000 ---p 00016000 07:00 9753 /lib/x86_64-linux-gnu/libgcc_s.so.1
    7f5729b38000-7f5729b39000 r--p 00015000 07:00 9753 /lib/x86_64-linux-gnu/libgcc_s.so.1
    7f5729b39000-7f5729b3a000 rw-p 00016000 07:00 9753 /lib/x86_64-linux-gnu/libgcc_s.so.1
    7f5729b3a000-7f5729b3b000 ---p 00000000 00:00 0
    7f5729b3b000-7f572a33b000 rw-p 00000000 00:00 0
    7f572a33b000-7f572a34f000 r-xp 00000000 07:00 9759 /lib/x86_64-linux-gnu/libgpg-error.so.0.22.0
    7f572a34f000-7f572a54e000 ---p 00014000 07:00 9759 /lib/x86_64-linux-gnu/libgpg-error.so.0.22.0
    7f572a54e000-7f572a54f000 r--p 00013000 07:00 9759 /lib/x86_64-linux-gnu/libgpg-error.so.0.22.0
    7f572a54f000-7f572a550000 rw-p 00014000 07:00 9759 /lib/x86_64-linux-gnu/libgpg-error.so.0.22.0
    7f572a550000-7f572a653000 r-xp 00000000 07:00 9783 /lib/x86_64-linux-gnu/libm-2.24.so
    7f572a653000-7f572a852000 ---p 00103000 07:00 9783 /lib/x86_64-linux-gnu/libm-2.24.so
    7f572a852000-7f572a853000 r--p 00102000 07:00 9783 /lib/x86_64-linux-gnu/libm-2.24.so
    7f572a853000-7f572a854000 rw-p 00103000 07:00 9783 /lib/x86_64-linux-gnu/libm-2.24.so
    7f572a854000-7f572a9e9000 r-xp 00000000 07:00 9716 /lib/x86_64-linux-gnu/libc-2.24.so
    7f572a9e9000-7f572abe9000 ---p 00195000 07:00 9716 /lib/x86_64-linux-gnu/libc-2.24.so
    7f572abe9000-7f572abed000 r--p 00195000 07:00 9716 /lib/x86_64-linux-gnu/libc-2.24.so
    7f572abed000-7f572abef000 rw-p 00199000 07:00 9716 /lib/x86_64-linux-gnu/libc-2.24.so
    7f572abef000-7f572abf3000 rw-p 00000000 00:00 0
    7f572abf3000-7f572ac65000 r-xp 00000000 07:00 9837 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
    7f572ac65000-7f572ae64000 ---p 00072000 07:00 9837 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
    7f572ae64000-7f572ae65000 r--p 00071000 07:00 9837 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
    7f572ae65000-7f572ae66000 rw-p 00072000 07:00 9837 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
    7f572ae66000-7f572ae7e000 r-xp 00000000 07:00 9842 /lib/x86_64-linux-gnu/libpthread-2.24.so
    7f572ae7e000-7f572b07d000 ---p 00018000 07:00 9842 /lib/x86_64-linux-gnu/libpthread-2.24.so
    7f572b07d000-7f572b07e000 r--p 00017000 07:00 9842 /lib/x86_64-linux-gnu/libpthread-2.24.so
    7f572b07e000-7f572b07f000 rw-p 00018000 07:00 9842 /lib/x86_64-linux-gnu/libpthread-2.24.so
    7f572b07f000-7f572b083000 rw-p 00000000 00:00 0
    7f572b083000-7f572b18a000 r-xp 00000000 07:00 9755 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.8
    7f572b18a000-7f572b389000 ---p 00107000 07:00 9755 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.8
    7f572b389000-7f572b38b000 r--p 00106000 07:00 9755 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.8
    7f572b38b000-7f572b392000 rw-p 00108000 07:00 9755 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.8
    7f572b392000-7f572b3b1000 r-xp 00000000 07:00 9797 /lib/x86_64-linux-gnu/libnl-3.so.200.22.0
    7f572b3b1000-7f572b5b0000 ---p 0001f000 07:00 9797 /lib/x86_64-linux-gnu/libnl-3.so.200.22.0
    7f572b5b0000-7f572b5b2000 r--p 0001e000 07:00 9797 /lib/x86_64-linux-gnu/libnl-3.so.200.22.0
    7f572b5b2000-7f572b5b3000 rw-p 00020000 07:00 9797 /lib/x86_64-linux-gnu/libnl-3.so.200.22.0
    7f572b5b3000-7f572b5b8000 r-xp 00000000 07:00 9799 /lib/x86_64-linux-gnu/libnl-genl-3.so.200.22.0
    7f572b5b8000-7f572b7b7000 ---p 00005000 07:00 9799 /lib/x86_64-linux-gnu/libnl-genl-3.so.200.22.0
    7f572b7b7000-7f572b7b8000 r--p 00004000 07:00 9799 /lib/x86_64-linux-gnu/libnl-genl-3.so.200.22.0
    7f572b7b8000-7f572b7b9000 rw-p 00005000 07:00 9799 /lib/x86_64-linux-gnu/libnl-genl-3.so.200.22.0
    7f572b7b9000-7f572b7dc000 r-xp 00000000 07:00 9684 /lib/x86_64-linux-gnu/ld-2.24.so
    7f572b9b6000-7f572b9ba000 rw-p 00000000 00:00 0
    7f572b9d8000-7f572b9dc000 rw-p 00000000 00:00 0
    7f572b9dc000-7f572b9dd000 r--p 00023000 07:00 9684 /lib/x86_64-linux-gnu/ld-2.24.so
    7f572b9dd000-7f572b9de000 rw-p 00024000 07:00 9684 /lib/x86_64-linux-gnu/ld-2.24.so
    7f572b9de000-7f572b9df000 rw-p 00000000 00:00 0
    7ffcacd4c000-7ffcacd6d000 rw-p 00000000 00:00 0 [stack]
    7ffcacde5000-7ffcacde7000 r--p 00000000 00:00 0 [vvar]
    7ffcacde7000-7ffcacde9000 r-xp 00000000 00:00 0 [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
    Aborted
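
    What the trace above says, added here as an editor's example and not part of the post: `*** buffer overflow detected ***` followed by a `__fortify_fail` frame is glibc's `_FORTIFY_SOURCE` run-time check. A checked variant of a string or memory function (the `*_chk` family) was asked to write more than the destination size known at compile time, and the process is aborted before the write lands, which is why the run ends in `Aborted` rather than a segfault. Only two frames belong to airodump-ng itself, and because the executable is loaded at a randomised base (`/usr/sbin/airodump-ng` at 5566995f8000 in the map), the `+0x4ad5` / `+0x5a5a` offsets, not the bracketed absolute addresses, are what to resolve. The POSIX shell below embeds the backtrace and map line verbatim from the post, extracts the airodump-ng offsets, cross-checks each absolute address against the map base, and prints the `addr2line` invocation to run against an unstripped build; the consistency check and the function names are the example's own.

```shell
#!/bin/sh
# Added example: triage of the glibc fortify backtrace posted above.
# Not code from the thread; the two data blocks below are copied from the post.

BACKTRACE='/lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7f572a8c4bcb]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f572a94d1b7]
/lib/x86_64-linux-gnu/libc.so.6(+0xf72f0)[0x7f572a94b2f0]
/lib/x86_64-linux-gnu/libc.so.6(+0xf912a)[0x7f572a94d12a]
airodump-ng(+0x4ad5)[0x5566995fcad5]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f572a8742b1]
airodump-ng(+0x5a5a)[0x5566995fda5a]'

# First (r-xp) mapping of the executable, from the memory map in the post.
MAPLINE='5566995f8000-55669961f000 r-xp 00000000 00:16 140292 /usr/sbin/airodump-ng'

# 0 if the trace went through __fortify_fail, i.e. a _FORTIFY_SOURCE abort
# rather than a plain crash.   stdin = backtrace text
is_fortify_abort() {
  grep -q '__fortify_fail'
}

# Print "offset absolute" for every frame inside the named binary.
# $1 = binary name as it appears in the trace; stdin = backtrace text
frame_offsets() {
  sed -n "s/^$1(+\(0x[0-9a-f]*\))\[\(0x[0-9a-f]*\)\]\$/\1 \2/p"
}

# Same offsets joined on one line, oldest frame last, as the trace lists them.
offset_list() {
  frame_offsets "$1" | awk '{s = s (NR > 1 ? " " : "") $1} END {print s}'
}

# Load base of the executable: the start of its first mapping, 0x-prefixed.
text_base() {
  printf '0x%s\n' "${1%%-*}"
}

# 0 only if absolute - base == offset for every frame, i.e. the trace and the
# map describe the same PIE load and the offsets are file offsets you can resolve.
# $1 = base; stdin = "offset absolute" lines
frames_consistent() {
  while read -r off abs; do
    [ $(( $abs - $1 )) -eq $(( $off )) ] || return 1
  done
  return 0
}

# The addr2line command to resolve the offsets; -f adds the function name.
# Needs a build with symbols (Kali's packaged binary is stripped).
# $1 = path to the binary; stdin = "offset absolute" lines
addr2line_cmd() {
  line="addr2line -f -e $1"
  while read -r off abs; do line="$line $off"; done
  printf '%s\n' "$line"
}

# Demo run on the posted data.
base=$(text_base "$MAPLINE")
frames=$(printf '%s\n' "$BACKTRACE" | frame_offsets airodump-ng)
printf '%s\n' "$BACKTRACE" | is_fortify_abort \
  && echo "fortify abort: a checked libc call overran its destination buffer"
printf '%s\n' "$frames" | frames_consistent "$base" \
  && echo "airodump-ng frames consistent with load base $base"
printf '%s\n' "$frames" | addr2line_cmd /usr/sbin/airodump-ng
```

    The last line of the demo prints `addr2line -f -e /usr/sbin/airodump-ng 0x4ad5 0x5a5a`; the first offset is the fortified call site inside airodump-ng, the second the frame below it on the way up from `__libc_start_main`. On a stripped package binary `addr2line` prints `??`, so resolve against a local build of the same source with `-g`, or reproduce there directly.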

  2. #2 (Join Date: 2016-Dec, Posts: 806)

    Works fine for me.

    Could you post a pcap captured with tcpdump running alongside airodump-ng (until it crashes)? That would help in fixing the issue. Don't forget to update the ticket in Aircrack-ng Trac.

  3. #3 (Join Date: 2017-Aug, Posts: 4)

    Quote Originally Posted by Mister_X:
        Works fine for me.

        Could you post a pcap captured with tcpdump running alongside airodump-ng (until it crashes)? That would help in fixing the issue. Don't forget to update the ticket in Aircrack-ng Trac.
    Code:
    root@kali:/# tcpdump -n --interface=wlan1 >> pcap
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on wlan1, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 262144 bytes
    tcpdump: pcap_loop: The interface went down
    41689 packets captured
    41769 packets received by filter
    0 packets dropped by kernel
    4 packets dropped by interface
    https://pastebin.com/raw/TFpUGCig

    thanks!

  4. #4 (Join Date: 2016-Dec, Posts: 806)

    The text output from tcpdump is useless; the pcap file is what helps debugging.

    As mentioned in the ticket, the pcap file got deleted by Dropbox or by you.
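
    A capture that would actually help, added here as an editor's example rather than anything the posters ran: the tcpdump line in post #3 redirects decoded text into a file that happens to be named `pcap`, which is exactly what post #4 rejects. `-w` writes the binary libpcap format that can be replayed to reproduce the crash, and `-U` flushes every packet so the file is intact up to the moment airodump-ng aborts or the interface goes down. The script assumes the interface name wlan1 from post #3 and an output file name of its own choosing, and it checks a file's magic bytes so you can tell a real pcap from a text dump before attaching it to the Trac ticket; the two sample files it builds are constructed, not from the thread.

```shell
#!/bin/sh
# Added example (not from the thread): capture with tcpdump beside airodump-ng
# in a form a maintainer can use, and check that a file really is a pcap.

# -w writes binary libpcap output instead of decoded text; -U flushes each
# packet so nothing is lost when the process or the interface dies; -s 0 keeps
# full frames.  $1 = monitor-mode interface, $2 = output file (assumed name)
capture_cmd() {
  printf 'tcpdump -i %s -s 0 -U -w %s\n' "$1" "$2"
}

# 0 if $1 starts with a pcap or pcapng magic number, 1 otherwise.
is_pcap() {
  case "$(od -An -tx1 -N4 "$1" | tr -d ' \n')" in
    d4c3b2a1|a1b2c3d4) return 0 ;;  # classic pcap, little-/big-endian, microsecond stamps
    4d3cb2a1|a1b23c4d) return 0 ;;  # classic pcap, nanosecond stamps
    0a0d0d0a)          return 0 ;;  # pcapng section header block
    *)                 return 1 ;;
  esac
}

# Constructed samples in directory $1: a 24-byte pcap global header
# (little-endian, version 2.4, snaplen 65535, link type 127 = IEEE802_11_RADIO,
# the radiotap link type tcpdump reported above) and a text dump like the posted one.
make_samples() {
  printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\177\000\000\000' \
    > "$1/good.pcap"
  printf 'listening on wlan1, link-type IEEE802_11_RADIO (802.11 plus radiotap header)\n' \
    > "$1/not_a_pcap.txt"
}

# Demo: print the command to run, then classify the two samples.
dir=$(mktemp -d)
make_samples "$dir"
echo "run beside airodump-ng: $(capture_cmd wlan1 airodump-crash.pcap)"
for f in "$dir/good.pcap" "$dir/not_a_pcap.txt"; do
  if is_pcap "$f"; then
    echo "$f: pcap, attach this to the ticket"
  else
    echo "$f: not a pcap (decoded text?), useless for reproducing the crash"
  fi
done
rm -rf "$dir"
```

    airodump-ng's own `-w <prefix>` option writes a capture file as well, but it is the crashing process, so an independent tcpdump capture of the same monitor-mode interface is the record the maintainer asked for; the `link-type IEEE802_11_RADIO` line in post #3 shows wlan1 was already in monitor mode, so only the output form needed to change.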

  5. #5 (Join Date: 2017-Aug, Posts: 4)

  6. #6 (Join Date: 2016-Dec, Posts: 806)

    As I said, the text is useless; I need the actual packets to reproduce the issue.

  7. #7 (Join Date: 2017-Aug, Posts: 4)

    Quote Originally Posted by Mister_X:
        As I said, the text is useless; I need the actual packets to reproduce the issue.

    Hey @Mister_X,

    I had a TL-WN722N adapter and was using ported drivers (https://github.com/mfruba/kernel/tre...2N_v2.0-Ralink). I purchased an adapter with an Atheros chipset and everything is working OK :-)

    Thanks for your help
