
Thread: Buffer Overflow in aircrack-ng 1.2 RC 4 with Kali weekly build

  1. #1
    Junior Member
    Join Date
    Aug 2017
    Posts
    4

    Buffer Overflow in aircrack-ng 1.2 RC 4 with Kali weekly build

    Hello,

    After running airodump-ng, trying to detect a handshake, I'm receiving a buffer overflow after about four minutes. I'm using the latest Kali Linux 4.9.0-kali4-amd64 live weekly build. Anyone else experiencing this issue?

    Here's more information:

    *** buffer overflow detected ***: airodump-ng terminated
    ======= Backtrace: =========
    /lib/x86_64-linux-gnu/libc.so.6(+0x70bcb)[0x7f572a8c4bcb]
    /lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f572a94d1b7]
    /lib/x86_64-linux-gnu/libc.so.6(+0xf72f0)[0x7f572a94b2f0]
    /lib/x86_64-linux-gnu/libc.so.6(+0xf912a)[0x7f572a94d12a]
    airodump-ng(+0x4ad5)[0x5566995fcad5]
    /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f572a8742b1]
    airodump-ng(+0x5a5a)[0x5566995fda5a]
    ======= Memory map: ========
    5566995f8000-55669961f000 r-xp 00000000 00:16 140292 /usr/sbin/airodump-ng
    55669981e000-55669981f000 r--p 00026000 00:16 140292 /usr/sbin/airodump-ng
    55669981f000-556699820000 rw-p 00027000 00:16 140292 /usr/sbin/airodump-ng
    556699820000-556699846000 rw-p 00000000 00:00 0
    55669b61a000-55669b9bd000 rw-p 00000000 00:00 0 [heap]
    7f5724000000-7f5724021000 rw-p 00000000 00:00 0
    7f5724021000-7f5728000000 ---p 00000000 00:00 0
    7f5729923000-7f5729939000 r-xp 00000000 07:00 9753 /lib/x86_64-linux-gnu/libgcc_s.so.1
    7f5729939000-7f5729b38000 ---p 00016000 07:00 9753 /lib/x86_64-linux-gnu/libgcc_s.so.1
    7f5729b38000-7f5729b39000 r--p 00015000 07:00 9753 /lib/x86_64-linux-gnu/libgcc_s.so.1
    7f5729b39000-7f5729b3a000 rw-p 00016000 07:00 9753 /lib/x86_64-linux-gnu/libgcc_s.so.1
    7f5729b3a000-7f5729b3b000 ---p 00000000 00:00 0
    7f5729b3b000-7f572a33b000 rw-p 00000000 00:00 0
    7f572a33b000-7f572a34f000 r-xp 00000000 07:00 9759 /lib/x86_64-linux-gnu/libgpg-error.so.0.22.0
    7f572a34f000-7f572a54e000 ---p 00014000 07:00 9759 /lib/x86_64-linux-gnu/libgpg-error.so.0.22.0
    7f572a54e000-7f572a54f000 r--p 00013000 07:00 9759 /lib/x86_64-linux-gnu/libgpg-error.so.0.22.0
    7f572a54f000-7f572a550000 rw-p 00014000 07:00 9759 /lib/x86_64-linux-gnu/libgpg-error.so.0.22.0
    7f572a550000-7f572a653000 r-xp 00000000 07:00 9783 /lib/x86_64-linux-gnu/libm-2.24.so
    7f572a653000-7f572a852000 ---p 00103000 07:00 9783 /lib/x86_64-linux-gnu/libm-2.24.so
    7f572a852000-7f572a853000 r--p 00102000 07:00 9783 /lib/x86_64-linux-gnu/libm-2.24.so
    7f572a853000-7f572a854000 rw-p 00103000 07:00 9783 /lib/x86_64-linux-gnu/libm-2.24.so
    7f572a854000-7f572a9e9000 r-xp 00000000 07:00 9716 /lib/x86_64-linux-gnu/libc-2.24.so
    7f572a9e9000-7f572abe9000 ---p 00195000 07:00 9716 /lib/x86_64-linux-gnu/libc-2.24.so
    7f572abe9000-7f572abed000 r--p 00195000 07:00 9716 /lib/x86_64-linux-gnu/libc-2.24.so
    7f572abed000-7f572abef000 rw-p 00199000 07:00 9716 /lib/x86_64-linux-gnu/libc-2.24.so
    7f572abef000-7f572abf3000 rw-p 00000000 00:00 0
    7f572abf3000-7f572ac65000 r-xp 00000000 07:00 9837 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
    7f572ac65000-7f572ae64000 ---p 00072000 07:00 9837 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
    7f572ae64000-7f572ae65000 r--p 00071000 07:00 9837 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
    7f572ae65000-7f572ae66000 rw-p 00072000 07:00 9837 /lib/x86_64-linux-gnu/libpcre.so.3.13.3
    7f572ae66000-7f572ae7e000 r-xp 00000000 07:00 9842 /lib/x86_64-linux-gnu/libpthread-2.24.so
    7f572ae7e000-7f572b07d000 ---p 00018000 07:00 9842 /lib/x86_64-linux-gnu/libpthread-2.24.so
    7f572b07d000-7f572b07e000 r--p 00017000 07:00 9842 /lib/x86_64-linux-gnu/libpthread-2.24.so
    7f572b07e000-7f572b07f000 rw-p 00018000 07:00 9842 /lib/x86_64-linux-gnu/libpthread-2.24.so
    7f572b07f000-7f572b083000 rw-p 00000000 00:00 0
    7f572b083000-7f572b18a000 r-xp 00000000 07:00 9755 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.8
    7f572b18a000-7f572b389000 ---p 00107000 07:00 9755 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.8
    7f572b389000-7f572b38b000 r--p 00106000 07:00 9755 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.8
    7f572b38b000-7f572b392000 rw-p 00108000 07:00 9755 /lib/x86_64-linux-gnu/libgcrypt.so.20.1.8
    7f572b392000-7f572b3b1000 r-xp 00000000 07:00 9797 /lib/x86_64-linux-gnu/libnl-3.so.200.22.0
    7f572b3b1000-7f572b5b0000 ---p 0001f000 07:00 9797 /lib/x86_64-linux-gnu/libnl-3.so.200.22.0
    7f572b5b0000-7f572b5b2000 r--p 0001e000 07:00 9797 /lib/x86_64-linux-gnu/libnl-3.so.200.22.0
    7f572b5b2000-7f572b5b3000 rw-p 00020000 07:00 9797 /lib/x86_64-linux-gnu/libnl-3.so.200.22.0
    7f572b5b3000-7f572b5b8000 r-xp 00000000 07:00 9799 /lib/x86_64-linux-gnu/libnl-genl-3.so.200.22.0
    7f572b5b8000-7f572b7b7000 ---p 00005000 07:00 9799 /lib/x86_64-linux-gnu/libnl-genl-3.so.200.22.0
    7f572b7b7000-7f572b7b8000 r--p 00004000 07:00 9799 /lib/x86_64-linux-gnu/libnl-genl-3.so.200.22.0
    7f572b7b8000-7f572b7b9000 rw-p 00005000 07:00 9799 /lib/x86_64-linux-gnu/libnl-genl-3.so.200.22.0
    7f572b7b9000-7f572b7dc000 r-xp 00000000 07:00 9684 /lib/x86_64-linux-gnu/ld-2.24.so
    7f572b9b6000-7f572b9ba000 rw-p 00000000 00:00 0
    7f572b9d8000-7f572b9dc000 rw-p 00000000 00:00 0
    7f572b9dc000-7f572b9dd000 r--p 00023000 07:00 9684 /lib/x86_64-linux-gnu/ld-2.24.so
    7f572b9dd000-7f572b9de000 rw-p 00024000 07:00 9684 /lib/x86_64-linux-gnu/ld-2.24.so
    7f572b9de000-7f572b9df000 rw-p 00000000 00:00 0
    7ffcacd4c000-7ffcacd6d000 rw-p 00000000 00:00 0 [stack]
    7ffcacde5000-7ffcacde7000 r--p 00000000 00:00 0 [vvar]
    7ffcacde7000-7ffcacde9000 r-xp 00000000 00:00 0 [vdso]
    ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
    Aborted
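The message and backtrace above are glibc's `_FORTIFY_SOURCE` check aborting the process (`__fortify_fail`), not a crash at a random address: the two `airodump-ng(+0x...)` frames are offsets from the binary's load base, and the memory map gives that base (`5566995f8000`). As an added example that is not part of the thread or of aircrack-ng, the POSIX shell snippet below parses frames of that shape, cross-checks each one against the mapping line, and prints the `addr2line` command that would name the function. The binary path is taken from the memory map; that matching debug symbols (an unstripped build or a dbgsym package for exactly this build) are available is an assumption, and without them `addr2line` prints `??`.

```shell
#!/bin/sh
# Added example, not from the thread: triage glibc "buffer overflow detected"
# backtrace frames of the form  module(+0xOFF)[0xADDR]  against the memory map.

# Constructed from the post: the two airodump-ng frames and the binary's
# executable mapping (range perms file-offset dev inode path).
SAMPLE_FRAMES='airodump-ng(+0x4ad5)[0x5566995fcad5]
airodump-ng(+0x5a5a)[0x5566995fda5a]'
SAMPLE_MAP='5566995f8000-55669961f000 r-xp 00000000 00:16 140292 /usr/sbin/airodump-ng'

# frame_offset FRAME -> the +0x offset (hex digits only); empty for frames
# printed as symbol+offset, e.g. libc.so.6(__fortify_fail+0x37)[...]
frame_offset() {
    printf '%s\n' "$1" | sed -n 's/^[^(]*(+0x\([0-9a-f]*\)).*/\1/p'
}

# frame_addr FRAME -> the bracketed runtime address (hex digits only)
frame_addr() {
    printf '%s\n' "$1" | sed -n 's/.*\[0x\([0-9a-f]*\)]$/\1/p'
}

# map_base MAPLINE / map_fileoff MAPLINE -> mapping start and file offset
map_base()    { printf '%s\n' "$1" | cut -d' ' -f1 | cut -d- -f1; }
map_fileoff() { printf '%s\n' "$1" | cut -d' ' -f3; }

# frame_matches_map FRAME MAPLINE -> success if ADDR - base + fileoff == OFF,
# i.e. the +0x offset really is a file-relative address usable with addr2line.
frame_matches_map() {
    off=$(frame_offset "$1"); addr=$(frame_addr "$1")
    base=$(map_base "$2");    fileoff=$(map_fileoff "$2")
    [ -n "$off" ] && [ -n "$addr" ] &&
        [ $(( 0x$addr - 0x$base + 0x$fileoff )) -eq $(( 0x$off )) ]
}

# addr2line_cmd FRAME BINARY -> the command to symbolize the frame.
# Assumes debug symbols for exactly this build; otherwise addr2line prints ??.
addr2line_cmd() {
    printf 'addr2line -f -C -e %s 0x%s\n' "$2" "$(frame_offset "$1")"
}

# Walk the sample: verify each frame fits the mapping, then print the command.
printf '%s\n' "$SAMPLE_FRAMES" | while read -r frame; do
    if frame_matches_map "$frame" "$SAMPLE_MAP"; then
        addr2line_cmd "$frame" /usr/sbin/airodump-ng
    else
        printf 'frame does not fit mapping: %s\n' "$frame" >&2
    fi
done
```

The same arithmetic applies to the libc frames with the `libc-2.24.so` mapping; the point of the check is that on a PIE binary the `+0x` value glibc prints is already relative to the object's base, so it can be handed to `addr2line` directly once the binary and its symbols match the build that aborted.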

  2. #2
    Member
    Join Date
    Dec 2016
    Posts
    98
    Works fine for me.

    Could you post a pcap done with tcpdump running along with airodump-ng (until it crashes)? That would help fix the issue. Don't forget to update the ticket in Aircrack-ng trac.

  3. #3
    Junior Member
    Join Date
    Aug 2017
    Posts
    4
    Quote Originally Posted by Mister_X View Post
    Works fine for me.

    Could you post a pcap done with tcpdump running along with airodump-ng (until it crashes)? That would help fix the issue. Don't forget to update the ticket in Aircrack-ng trac.
    Code:
    root@kali:/# tcpdump -n --interface=wlan1 >> pcap
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on wlan1, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 262144 bytes
    tcpdump: pcap_loop: The interface went down
    41689 packets captured
    41769 packets received by filter
    0 packets dropped by kernel
    4 packets dropped by interface
    https://pastebin.com/raw/TFpUGCig

    thanks!

  4. #4
    Member
    Join Date
    Dec 2016
    Posts
    98
    The text output from tcpdump is useless, the pcap file is what helps debugging.

    As mentioned in the ticket, the pcap file got deleted by Dropbox or you.
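The command in post #3 (`tcpdump -n --interface=wlan1 >> pcap`) redirects tcpdump's text decode into a file called `pcap`; without `-w` no packets are written, which is the difference being pointed out here. As an added example, not from the thread or the aircrack-ng project, the POSIX shell snippet below builds the `tcpdump -w` invocation to run beside airodump-ng and classifies a file by its first four bytes, so a text dump is caught before it is uploaded to a ticket. The interface name `wlan1` comes from the post (its link type was already radiotap, so it is in monitor mode); the output path and the sample files are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the thread: capture raw 802.11 frames into a real
# pcap file next to airodump-ng, and check a file's magic before sharing it.

# capture_cmd IFACE FILE -> the tcpdump invocation to run (as root) in a
# second terminal while airodump-ng is running on the same interface.
# -w writes packets; without it, redirecting stdout only saves the text decode.
# -s 0 keeps full frames; -U flushes each packet so the file is complete
# even when the capture ends abruptly ("The interface went down" in the post).
capture_cmd() {
    printf 'tcpdump -i %s -s 0 -U -w %s\n' "$1" "$2"
}

# pcap_kind FILE -> pcap | pcapng | other, from the 4-byte magic number.
# Classic pcap magic is a1b2c3d4 (a1b23c4d with nanosecond timestamps),
# stored little- or big-endian; pcapng starts with the block type 0a0d0d0a.
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) echo pcap ;;
        0a0d0d0a)                            echo pcapng ;;
        *)                                   echo other ;;
    esac
}

# Constructed samples: a minimal little-endian pcap global header (version 2.4,
# snaplen 262144, link type 127 = radiotap), the start of a pcapng section
# header, and a text line like the one ">> pcap" would have saved.
make_samples() {
    dir=$1
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\000\000\004\000\177\000\000\000' > "$dir/good.pcap"
    printf '\012\015\015\012' > "$dir/good.pcapng"
    printf '12:00:00.000000 1.0 Mb/s 2412 MHz 11b Beacon (constructed) [1.0 Mb/s]\n' > "$dir/text.pcap"
}

demo() {
    dir=$(mktemp -d)
    make_samples "$dir"
    capture_cmd wlan1 capture.pcap
    for f in good.pcap good.pcapng text.pcap; do
        printf '%s: %s\n' "$f" "$(pcap_kind "$dir/$f")"
    done
    rm -rf "$dir"
}
demo
```

Run `pcap_kind` on the file before attaching it; anything that classifies as `other` is not a capture, whatever its name.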

  5. #5
    Junior Member
    Join Date
    Aug 2017
    Posts
    4

  6. #6
    Member
    Join Date
    Dec 2016
    Posts
    98
    As I said, the text is useless, I need the actual packets to reproduce the issue.

  7. #7
    Junior Member
    Join Date
    Aug 2017
    Posts
    4
    Quote Originally Posted by Mister_X View Post
    As I said, the text is useless, I need the actual packets to reproduce the issue.
    Hey @Mister_x

    I had a TL-WN722N adapter and was using ported drivers (https://github.com/mfruba/kernel/tre...2N_v2.0-Ralink). I purchased an adapter with an Atheros chipset and everything is working OK :-)

    Thanks for your help
