From ${URL} :

The following vulnerabilities have been reported in ettercap:

Twelve vulnerabilities exist on ettercap-ng which allow remote denial of service and possible remote code execution. Specifically, the following vulnerabilities were identified:

- A Length Parameter Inconsistency at ettercap 8.0 dissector_postgresql() which may lead to remote code execution or denial of service.
- An arbitrary write of zero into any location at ettercap 8.0 dissector_postgresql.
- A negative index/underflow at ettercap 8.1 dissector_dhcp() which may lead to denial of service.
- A heap overflow at ettercap 8.1 nbns_spoof() plugin which may lead to remote code execution or denial of service.
- An unchecked return value at ettercap 8.1 mdns_spoof() plugin which may lead to remote denial of service.
- A negative index/underflow at ettercap 8.1 dissector_TN3270.
- A negative index/underflow at ettercap 8.1 dissector_gg.
- A negative index/underflow at ettercap 8.1 get_decode_len().
- An incorrect cast at ettercap 8.1 dissector_radius which may lead to remote code execution or denial of service.
- A buffer over-read at ettercap 8.1 dissector_cvs which may lead to denial of service.
- A signedness error at ettercap 8.1 dissector_cvs.
- An unchecked return value at ettercap 8.1 dissector_imap which may lead to denial of service.

The following CVEs have been assigned:

- CVE-2014-6395: Length Parameter Inconsistency
- CVE-2014-6396: Arbitrary write
- CVE-2014-9376: Negative index/underflow
- CVE-2014-9377: Heap overflow
- CVE-2014-9378: Unchecked return value
- CVE-2014-9379: Incorrect cast
- CVE-2014-9380: Buffer over-read
- CVE-2014-9381: Signedness error

The patches are linked to in the following advisory: https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-9381 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9381): Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation.

CVE-2014-9380 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9380): The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature.

CVE-2014-9379 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9379): The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow.

CVE-2014-9378 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9378): Ettercap 8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted (1) name to the parse_line function in mdns_spoof/mdns_spoof.c or (2) base64 encoded password to the dissector_imap function in dissectors/ec_imap.c.

CVE-2014-9377 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9377): Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet.

CVE-2014-9376 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9376): Integer underflow in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small (1) size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, (2) length value to the dissector_gg function in dissectors/ec_gg.c, or (3) string length to the get_decode_len function in ec_utils.c, or a request without a (4) username or (5) password to the dissector_TN3270 function in dissectors/ec_TN3270.c.

CVE-2014-6396 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6396): The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location.

CVE-2014-6395 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6395): Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password.
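As an added illustration of the length-parameter check that the postgresql entries above describe (example code written for this page, not ettercap's own dissector), the following C parser reads a PostgreSQL-style PasswordMessage and rejects a declared length that is inconsistent with the bytes actually present. The layout assumed is the PostgreSQL wire format (type byte 'p', big-endian int32 length that counts itself, NUL-terminated password); the sample packets are constructed, not captured traffic.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PG_PASSWORD_MAX 256

/* Returns the password length (without NUL) on success, -1 on malformed input.
 * Every bound is checked against the captured packet before any copy. */
int parse_pg_password(const uint8_t *pkt, size_t pktlen,
                      char *out, size_t outlen)
{
    if (pktlen < 5 || pkt[0] != 'p')       /* need type byte + 4-byte length */
        return -1;

    /* Read the big-endian int32 into an unsigned type: no signedness surprises. */
    uint32_t declared = ((uint32_t)pkt[1] << 24) | ((uint32_t)pkt[2] << 16) |
                        ((uint32_t)pkt[3] << 8)  |  (uint32_t)pkt[4];

    /* The length field counts itself; anything below 5 would make
     * "declared - 4" underflow or leave no room for the terminator. */
    if (declared < 5)
        return -1;
    size_t body = declared - 4;            /* bytes that follow the length field */

    /* Declared length must not exceed what was actually captured. */
    if (body > pktlen - 5)
        return -1;

    const uint8_t *pw = pkt + 5;
    if (pw[body - 1] != '\0')              /* terminator must sit inside the body */
        return -1;
    size_t pwlen = body - 1;

    if (pwlen >= outlen || pwlen > PG_PASSWORD_MAX)
        return -1;
    memcpy(out, pw, pwlen);
    out[pwlen] = '\0';
    return (int)pwlen;
}

/* Constructed sample packets (not captured traffic). */
static const uint8_t good_pkt[]  = {'p',0,0,0,11,'s','e','c','r','e','t',0}; /* consistent */
static const uint8_t short_pkt[] = {'p',0,0,0,64,'s','e','c','r','e','t',0}; /* claims 60 body bytes, has 7 */
static const uint8_t tiny_pkt[]  = {'p',0,0,0,2,'x',0};                      /* length < 4 */

int main(void)
{
    char buf[64];
    int n = parse_pg_password(good_pkt, sizeof good_pkt, buf, sizeof buf);
    printf("good: %d (%s)\n", n, n >= 0 ? buf : "rejected");
    printf("short: %d\n", parse_pg_password(short_pkt, sizeof short_pkt, buf, sizeof buf));
    printf("tiny: %d\n", parse_pg_password(tiny_pkt, sizeof tiny_pkt, buf, sizeof buf));
    return 0;
}
```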
Arches, please test and mark stable: =net-analyzer/ettercap-0.8.2
Target keywords: "alpha amd64 arm ppc ppc64 sparc x86"
x86 done
amd64 stable
arm stable
ppc stable
ppc64 stable
sparc stable
alpha stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Cleanup done.
Arches and Maintainer(s), thank you for your work. New GLSA request filed.
This issue was resolved and addressed in GLSA 201505-01 at https://security.gentoo.org/glsa/201505-01 by GLSA coordinator Mikle Kolyada (Zlogene).