Multiple integer underflows in Kismet before 2005-08-R1 allow remote attackers to execute arbitrary code via (1) kernel headers in a pcap file or (2) data frame dissection, which leads to heap-based buffer overflows.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kismet | Kismet | 2.4.5 (including) | 2.4.5 (including) |
| Kismet | Kismet | 2.4.6 (including) | 2.4.6 (including) |
| Kismet | Kismet | 2.6.0 (including) | 2.6.0 (including) |
| Kismet | Kismet | 2.8.0 (including) | 2.8.0 (including) |
| Kismet | Kismet | 2.8.0a (including) | 2.8.0a (including) |
| Kismet | Kismet | 2.8.1 (including) | 2.8.1 (including) |
| Kismet | Kismet | 2004-02_r1 (including) | 2004-02_r1 (including) |
| Kismet | Kismet | 2004-04_r1 (including) | 2004-04_r1 (including) |
| Kismet | Kismet | 2004-04_r1a (including) | 2004-04_r1a (including) |
| Kismet | Kismet | 2004-10_r1 (including) | 2004-10_r1 (including) |
| Kismet | Kismet | 2005-01_r1 (including) | 2005-01_r1 (including) |
| Kismet | Kismet | 2005-04_r1 (including) | 2005-04_r1 (including) |
| Kismet | Kismet | 2005-06_r1 (including) | 2005-06_r1 (including) |
| Kismet | Kismet | 2005-07_bsd (including) | 2005-07_bsd (including) |
| Kismet | Kismet | 2005-07_r1 (including) | 2005-07_r1 (including) |
| Kismet | Kismet | 2005-07_r1a (including) | 2005-07_r1a (including) |