Summary: | <net-analyzer/ettercap-0.8.2-r1: Out-of-bounds read | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ago, netmon, zerochaos |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1429571 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
net-analyzer/ettercap-0.8.2-r2
|
Runtime testing required: | No |
Description
Agostino Sarubbo
2017-03-10 16:34:31 UTC
However the bug is visible via etterfilter but resides in the library. CVE-2017-6430 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-6430): The compile_tree function in ef_compiler.c in the Etterfilter utility in Ettercap 0.8.2 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted filter. (In reply to Agostino Sarubbo from comment #1) > However the bug is visible via etterfilter but resides in the library. Please do not consider the above. It was a mistake. The bug is in the etterfilter utility. Looks like there was a 0.8.2-4 release including the fix from the 'fix-library' @ https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506 0.8.2-r1 in the tree, please feel free to clean up when done @arches, please stabilize. amd64 stable ppc stable ppc64 stable sparc stable x86 stable x86 stable arm stable GLSA Vote: No Please continue Stabilization alpha stable @maintainer(s), please drop vulnerable. tree is clean |