Ubuntu
macchanger package

macchanger buffer overflow detected

Bug #1310273 reported by Assaf
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
macchanger (Ubuntu)
New
Undecided
Unassigned

Bug Description

I was about to change my nic's mac address for testing purposes of my local area network when I launched the following command and I got this crash.

israel@israel:~$ sudo macchanger A0:F3:C1:0F:94:8E
*** buffer overflow detected ***: macchanger terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x63)[0xb76827b3]
/lib/i386-linux-gnu/libc.so.6(+0x10652a)[0xb768152a]
/lib/i386-linux-gnu/libc.so.6(+0x1058b5)[0xb76808b5]
macchanger[0x8049660]
macchanger[0x8048ac0]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0xb7594905]
macchanger[0x8048ced]
======= Memory map: ========
08048000-0804b000 r-xp 00000000 08:01 4744266 /usr/bin/macchanger
0804b000-0804c000 r--p 00002000 08:01 4744266 /usr/bin/macchanger
0804c000-0804d000 rw-p 00003000 08:01 4744266 /usr/bin/macchanger
0859e000-08643000 rw-p 00000000 00:00 0 [heap]
b7546000-b7561000 r-xp 00000000 08:01 7617029 /lib/i386-linux-gnu/libgcc_s.so.1
b7561000-b7562000 r--p 0001a000 08:01 7617029 /lib/i386-linux-gnu/libgcc_s.so.1
b7562000-b7563000 rw-p 0001b000 08:01 7617029 /lib/i386-linux-gnu/libgcc_s.so.1
b757a000-b757b000 rw-p 00000000 00:00 0
b757b000-b7729000 r-xp 00000000 08:01 7617973 /lib/i386-linux-gnu/libc-2.17.so
b7729000-b772b000 r--p 001ae000 08:01 7617973 /lib/i386-linux-gnu/libc-2.17.so
b772b000-b772c000 rw-p 001b0000 08:01 7617973 /lib/i386-linux-gnu/libc-2.17.so
b772c000-b772f000 rw-p 00000000 00:00 0
b7745000-b7748000 rw-p 00000000 00:00 0
b7748000-b7749000 r-xp 00000000 00:00 0 [vdso]
b7749000-b7769000 r-xp 00000000 08:01 7617949 /lib/i386-linux-gnu/ld-2.17.so
b7769000-b776a000 r--p 0001f000 08:01 7617949 /lib/i386-linux-gnu/ld-2.17.so
b776a000-b776b000 rw-p 00020000 08:01 7617949 /lib/i386-linux-gnu/ld-2.17.so
bfcdb000-bfcfc000 rw-p 00000000 00:00 0 [stack]

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: macchanger 1.5.0-9
ProcVersionSignature: Ubuntu 3.11.0-19.33-generic 3.11.10.5
Uname: Linux 3.11.0-19-generic i686
ApportVersion: 2.12.5-0ubuntu2.2
Architecture: i386
Date: Sun Apr 20 16:15:39 2014
InstallationDate: Installed on 2014-03-12 (38 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release i386 (20131016.1)
MarkForUpload: True
SourcePackage: macchanger
UpgradeStatus: No upgrade log present (probably fresh install)

Revision history for this message
Assaf (assaf-vilmovski) wrote :
Revision history for this message
Assaf (assaf-vilmovski) wrote :

I should state that my wireless network adapter was in Managed mode

wlan0 IEEE 802.11abgn ESSID:"Bee34Trap7"
          Mode:Managed Frequency:2.412 GHz Access Point: D8:FE:E3:02:9F:D9
          Bit Rate=54 Mb/s Tx-Power=15 dBm
          Retry long limit:7 RTS thr:off Fragment thr:off
          Power Management:off
          Link Quality=66/70 Signal level=-44 dBm
          Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:5 Invalid misc:714 Missed beacon:0

lo no wireless extensions.

eth0 no wireless extensions.

No other wlan0 related PIDs were running when I executed macchanger command

Revision history for this message
Assaf (assaf-vilmovski) wrote :

Appearantly I have an IP on my local router, maybe this caused it...

wlan0 Link encap:Ethernet HWaddr 00:22:fa:31:d1:8a
          inet addr:10.0.0.3 Bcast:10.0.0.255 Mask:255.255.255.0
          inet6 addr: fe80::222:faff:fe31:d18a/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI MTU:1500 Metric:1
          RX packets:583945 errors:0 dropped:472650 overruns:0 frame:0
          TX packets:17673 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:135179716 (135.1 MB) TX bytes:2587407 (2.5 MB)

Revision history for this message
Seth Arnold (seth-arnold) wrote : Bug is not a security issue

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.