CVE-2014-8322
CRITICAL
aircrack-ng < 1.2 RC 1 - Remote Code Execution via Crafted Length Parameter
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-8322. PoCs published by Nick Sampanis.
AI-analyzed exploit summary
This exploit targets a stack overflow in Aireplay-ng 1.2 beta3 via the '--test' option, leveraging a crafted TCP packet to achieve remote code execution. It constructs a malicious payload with ROP gadgets to execute arbitrary commands, defaulting to a reverse shell.
Description
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.
Exploits (1)
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H