Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 612226 (CVE-2017-6430)

Summary: <net-analyzer/ettercap-0.8.2-r1: Out-of-bounds read
Product: Gentoo Security Reporter: Agostino Sarubbo <ago>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: minor CC: ago, netmon, zerochaos
Priority: Normal Flags: stable-bot: sanity-check+
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B3 [noglsa cve]
Package list:
Runtime testing required: No

Description Agostino Sarubbo gentoo-dev 2017-03-10 16:34:31 UTC
From ${URL} :

Etterfilter utility of Ettercap have an out-of-bounds read denial-of-service vulnerability when parsing a crafted file. This occurs in the compile_tree function of the ef_compiler.c source file when processing corrupted filters.


Upstream bug:

Upstream patch:

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2017-03-10 16:35:11 UTC
However the bug is visible via etterfilter but resides in the library.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2017-03-19 14:23:28 UTC
CVE-2017-6430 (
  The compile_tree function in ef_compiler.c in the Etterfilter utility in
  Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of
  service (out-of-bounds read) via a crafted filter.
Comment 3 Agostino Sarubbo gentoo-dev 2017-03-20 12:56:06 UTC
(In reply to Agostino Sarubbo from comment #1)
> However the bug is visible via etterfilter but resides in the library.

Please do not consider the above. It was a mistake. The bug is in the etterfilter utility.
Comment 4 Aaron Bauman (RETIRED) gentoo-dev 2017-07-17 01:24:40 UTC
Looks like there was a 0.8.2-4 release including the fix from the 'fix-library' @
Comment 5 Rick Farina (Zero_Chaos) gentoo-dev 2018-02-24 05:07:45 UTC
0.8.2-r1 in the tree, please feel free to clean up when done
Comment 6 Aaron Bauman (RETIRED) gentoo-dev 2019-03-24 02:06:08 UTC
@arches, please stabilize.
Comment 7 Agostino Sarubbo gentoo-dev 2019-03-24 10:02:24 UTC
amd64 stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2019-03-24 20:32:47 UTC
ppc stable
Comment 9 Sergei Trofimovich (RETIRED) gentoo-dev 2019-03-24 20:36:10 UTC
ppc64 stable
Comment 10 Rolf Eike Beer archtester 2019-03-27 19:27:06 UTC
sparc stable
Comment 11 Thomas Deutschmann (RETIRED) gentoo-dev 2019-03-27 23:21:03 UTC
x86 stable
Comment 12 Thomas Deutschmann (RETIRED) gentoo-dev 2019-03-27 23:45:57 UTC
x86 stable
Comment 13 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-03-30 19:12:34 UTC
arm stable
Comment 14 Yury German Gentoo Infrastructure gentoo-dev 2019-04-02 06:27:38 UTC
GLSA Vote: No

Please continue Stabilization
Comment 15 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-04-08 06:47:18 UTC
alpha stable
Comment 16 Aaron Bauman (RETIRED) gentoo-dev 2019-04-08 13:40:52 UTC
@maintainer(s), please drop vulnerable.
Comment 17 Aaron Bauman (RETIRED) gentoo-dev 2019-04-20 02:03:57 UTC
tree is clean