Bug 20486

Summary: ettercap new security issue CVE-2017-6430
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: herman.viaene, lewyssmith, mageia, marja11, sysadmin-bugs
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: MGA5-32-OK advisory MGA5-64-OK
Source RPM: ettercap-0.8.0-6.mga5.src.rpm CVE: CVE-2017-6430
Status comment:

Description David Walser 2017-03-15 01:42:59 CET 
Fedora has issued an advisory today (March 14):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Q6NUJRIY4LV42YSZYHP34LOL73PN4ZO2/

The upstream commit that fixed the issue is linked from the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1429571

Mageia 5 is also affected.
David Walser 2017-03-15 01:47:53 CET

Whiteboard: (none) => MGA5TOO

Marja Van Waes 2017-03-15 12:27:40 CET

CC: (none) => marja11
Assignee: bugsquad => pterjan

Nicolas Lécureuil 2017-05-01 21:33:26 CEST

CC: (none) => mageia
CVE: (none) => CVE-2017-6430

Comment 1 Nicolas Lécureuil 2017-05-01 21:37:49 CEST 
fixed in cauldron

Whiteboard: MGA5TOO => (none)
Version: Cauldron => 5

Comment 2 Nicolas Lécureuil 2017-05-01 21:44:00 CEST 
New version uploaded in updates_testing:

src.rpm:  ettercap-0.8.2-1.mga5

Assignee: pterjan => qa-bugs

Comment 3 David Walser 2017-05-02 01:32:12 CEST 
Advisory:
========================

Updated ettercap packages fix security vulnerability:

Etterfilter utility of Ettercap have an out-of-bounds read denial-of-service
vulnerability when parsing a crafted file. This occurs in the compile_tree
function of the ef_compiler.c source file when processing corrupted filters
(CVE-2017-6430).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6430
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/Q6NUJRIY4LV42YSZYHP34LOL73PN4ZO2/
========================

Updated packages in core/updates_testing:
========================
ettercap-0.8.2-1.mga5
libettercap0-0.8.2-1.mga5

from ettercap-0.8.2-1.mga5.src.rpm
Comment 4 Herman Viaene 2017-05-03 14:41:06 CEST 
MGA5-32 on Asus A6000VM Xfce
No installation issues
Ettercap only runs validly as root so
# ettercap -T

ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

Listening on:
wlp0s29f7u4 -> 80:1F:02:4A:FD:EB
	  192.168.2.6/255.255.255.0
	  fe80::821f:2ff:fe4a:fdeb/64

SSL dissection needs a valid 'redir_command_on' script in the etter.conf file
Privileges dropped to EUID 65534 EGID 65534...
and a lot more .....
ettercap -G & ettercap -C opens ettercap dialog window and there connections etc... are shown. OK for me.

Whiteboard: (none) => MGA5-32-OK
CC: (none) => herman.viaene

Lewis Smith 2017-05-04 10:00:22 CEST

CC: (none) => lewyssmith
Whiteboard: MGA5-32-OK => MGA5-32-OK advisory

Comment 5 Lewis Smith 2017-05-06 11:33:15 CEST 
Prior to testing, some background:-
"ettercap - Ncurses/Gtk2 based sniffer/interceptor utility"
 /usr/bin/ettercap          multipurpose  sniffer/content filter
‎ /usr/bin/ettercap-pkexec   graphical pkexec-based launcher for ettercap
‎ /usr/bin/etterfilter       Filter compiler for ettercap content filtering engine
‎ /usr/bin/etterlog          Log analyzer for ettercap log files

The essential is:
 # ettercap -T    to dump to the console
 # ettercap -C    for the curses interface
 # ettercap -G    for the GUI
The last two have a good help menu '?'; all the man output is comprehensive.

-h for help. Using just -T dumps everything to the console. I never got anywhere with -C or -G beyond displaying and playing with the nice & fully functional interfaces: despite which I could not get any output, nor any log file accepted.
Comment 6 Lewis Smith 2017-05-07 10:19:15 CEST 
Testing M5 x64

BEFORE the update I had just 'ettercap-0.8.0-6.mga5', and lib64ettercap0 could not be found anywhere.
DOING the update, after selecting 'ettercap-0.8.2-1.mga5.x86_64' the following  additional pkgs were suddenly declared as required:
- lib64ettercap0-0.8.2-1.mga5.x86_64
- lib64net-devel-1.1.6-5.mga5.x86_64
- lib64nl-cli3_200-3.2.25-3.1.mga5.x86_64
- lib64nl-genl3_200-3.2.25-3.1.mga5.x86_64
- lib64nl-nf3_200-3.2.25-3.1.mga5.x86_64
- lib64nl-route3_200-3.2.25-3.1.mga5.x86_64
- lib64nl3-devel-3.2.25-3.1.mga5.x86_64
- lib64nl3_200-3.2.25-3.1.mga5.x86_64
- lib64pcap-devel-1.8.1-1.mga5.x86_64
- libnl3-config-3.2.25-3.1.mga5.noarch
Is this just the result of the version change?

AFTER the update:
# ettercap -I
 ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team
 List of available Network Interfaces:
 enp4s0  	enp4s0
 lo  	Local Loopback
 bluetooth-monitor  	Bluetooth Linux Monitor
 usbmon1  	USB bus number 1
etc

# ettercap -T|C|G
all worked satisfactorily within my limits noted in Comment 5.

Update looks OK. Validating.

Keywords: (none) => validated_update
Whiteboard: MGA5-32-OK advisory => MGA5-32-OK advisory MGA5-64-OK
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2017-05-07 22:27:26 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0130.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED