macchanger buffer overflow detected

Bug #1310273 reported by Assaf on 2014-04-20
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
macchanger (Ubuntu)
Undecided
Unassigned

Bug Description

I was about to change my nic's mac address for testing purposes of my local area network when I launched the following command and I got this crash.

israel@israel:~$ sudo macchanger A0:F3:C1:0F:94:8E
*** buffer overflow detected ***: macchanger terminated
======= Backtrace: =========
/lib/i386-linux-gnu/libc.so.6(__fortify_fail+0x63)[0xb76827b3]
/lib/i386-linux-gnu/libc.so.6(+0x10652a)[0xb768152a]
/lib/i386-linux-gnu/libc.so.6(+0x1058b5)[0xb76808b5]
macchanger[0x8049660]
macchanger[0x8048ac0]
/lib/i386-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0xb7594905]
macchanger[0x8048ced]
======= Memory map: ========
08048000-0804b000 r-xp 00000000 08:01 4744266 /usr/bin/macchanger
0804b000-0804c000 r--p 00002000 08:01 4744266 /usr/bin/macchanger
0804c000-0804d000 rw-p 00003000 08:01 4744266 /usr/bin/macchanger
0859e000-08643000 rw-p 00000000 00:00 0 [heap]
b7546000-b7561000 r-xp 00000000 08:01 7617029 /lib/i386-linux-gnu/libgcc_s.so.1
b7561000-b7562000 r--p 0001a000 08:01 7617029 /lib/i386-linux-gnu/libgcc_s.so.1
b7562000-b7563000 rw-p 0001b000 08:01 7617029 /lib/i386-linux-gnu/libgcc_s.so.1
b757a000-b757b000 rw-p 00000000 00:00 0
b757b000-b7729000 r-xp 00000000 08:01 7617973 /lib/i386-linux-gnu/libc-2.17.so
b7729000-b772b000 r--p 001ae000 08:01 7617973 /lib/i386-linux-gnu/libc-2.17.so
b772b000-b772c000 rw-p 001b0000 08:01 7617973 /lib/i386-linux-gnu/libc-2.17.so
b772c000-b772f000 rw-p 00000000 00:00 0
b7745000-b7748000 rw-p 00000000 00:00 0
b7748000-b7749000 r-xp 00000000 00:00 0 [vdso]
b7749000-b7769000 r-xp 00000000 08:01 7617949 /lib/i386-linux-gnu/ld-2.17.so
b7769000-b776a000 r--p 0001f000 08:01 7617949 /lib/i386-linux-gnu/ld-2.17.so
b776a000-b776b000 rw-p 00020000 08:01 7617949 /lib/i386-linux-gnu/ld-2.17.so
bfcdb000-bfcfc000 rw-p 00000000 00:00 0 [stack]

ProblemType: Bug
DistroRelease: Ubuntu 13.10
Package: macchanger 1.5.0-9
ProcVersionSignature: Ubuntu 3.11.0-19.33-generic 3.11.10.5
Uname: Linux 3.11.0-19-generic i686
ApportVersion: 2.12.5-0ubuntu2.2
Architecture: i386
Date: Sun Apr 20 16:15:39 2014
InstallationDate: Installed on 2014-03-12 (38 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release i386 (20131016.1)
MarkForUpload: True
SourcePackage: macchanger
UpgradeStatus: No upgrade log present (probably fresh install)

Assaf (assaf-vilmovski) wrote :
Assaf (assaf-vilmovski) wrote :

I should state that my wireless network adapter was in Managed mode

wlan0 IEEE 802.11abgn ESSID:"Bee34Trap7"
          Mode:Managed Frequency:2.412 GHz Access Point: D8:FE:E3:02:9F:D9
          Bit Rate=54 Mb/s Tx-Power=15 dBm
          Retry long limit:7 RTS thr:off Fragment thr:off
          Power Management:off
          Link Quality=66/70 Signal level=-44 dBm
          Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
          Tx excessive retries:5 Invalid misc:714 Missed beacon:0

lo no wireless extensions.

eth0 no wireless extensions.

No other wlan0 related PIDs were running when I executed macchanger command

Assaf (assaf-vilmovski) wrote :

Appearantly I have an IP on my local router, maybe this caused it...

wlan0 Link encap:Ethernet HWaddr 00:22:fa:31:d1:8a
          inet addr:10.0.0.3 Bcast:10.0.0.255 Mask:255.255.255.0
          inet6 addr: fe80::222:faff:fe31:d18a/64 Scope:Link
          UP BROADCAST NOTRAILERS RUNNING PROMISC ALLMULTI MTU:1500 Metric:1
          RX packets:583945 errors:0 dropped:472650 overruns:0 frame:0
          TX packets:17673 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:135179716 (135.1 MB) TX bytes:2587407 (2.5 MB)

Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the difficulties you are facing, but this appears to be a "regular" (non-security) bug. I have unmarked it as a security issue since this bug does not show evidence of allowing attackers to cross privilege boundaries nor directly cause loss of data/privacy. Please feel free to report any other bugs you may find.

information type: Private Security → Public
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers