Bug 20772

Fedora has issued an advisory for this today (June 9):
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BK4IYANXQO2REIN2XSKIFCETM7EQJAUZ/

Patched packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated ettercap packages fix security vulnerability:

The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote
attackers to cause a denial of service (heap-based buffer overflow and
application crash) or possibly have unspecified other impact via a crafted
filter that is mishandled by etterfilter (CVE-2017-8366).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8366
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BK4IYANXQO2REIN2XSKIFCETM7EQJAUZ/
========================

Updated packages in core/updates_testing:
========================
ettercap-0.8.2-1.1.mga5
libettercap0-0.8.2-1.1.mga5

from ettercap-0.8.2-1.1.mga5.src.rpm

CC: (none) => pterjan
Whiteboard: MGA5TOO => (none)
Assignee: pterjan => qa-bugs
Severity: normal => major
Version: Cauldron => 5

Testing M5 64-bit real hardware with Ethernet link to Internet box.

BEFORE update: ettercap-0.8.2-1.mga5   lib64ettercap0-0.8.2-1.mga5
[ Previously tested https://bugs.mageia.org/show_bug.cgi?id=20486 ]

AFTER update: ettercap-0.8.2-1.1.mga5  lib64ettercap0-0.8.2-1.1.mga5

# ettercap -I

ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

List of available Network Interfaces:

 enp4s0  	enp4s0
 lo  	Local Loopback
 bluetooth-monitor  	Bluetooth Linux Monitor
 usbmon1  	USB bus number 1
etc etc

# strace ettercap -I 2>&1 | grep ettercap
open("/lib64/libettercap.so.0", O_RDONLY|O_CLOEXEC) = 3
-------------
# ettercap -C
Shows the curses screen, fully actionable. This time I managed to get a log file accepted & written to.
----------------------
# strace ettercap -G 2>&1 | grep ettercap
open("/lib64/libettercap.so.0", O_RDONLY|O_CLOEXEC) = 3

Showed the GTK GUI, seemed fully functional. I managed to get some comms traffic output.

This update looks good. Advisory to follow.

Whiteboard: (none) => MGA5-64-OK
CC: (none) => lewyssmith

MGA5-32 on Asus A6000VM Xfce
Installation: when selecting ettercap I have to manually add libettercap, I expected this one to be a dependency???
At CLI as root by using "su -l"
# ettercap -I

ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team

List of available Network Interfaces:

 wlp0s29f7u4  	wlp0s29f7u4
 lo  	Local Loopback
 enp1s0  	enp1s0
 bluetooth-monitor  	Bluetooth Linux Monitor
 usbmon1  	USB bus number 1
etc...
# strace ettercap -I 2>&1 | grep ettercap
execve("/usr/bin/ettercap", ["ettercap", "-I"], [/* 46 vars */]) = 0
open("/lib/libettercap.so.0", O_RDONLY|O_CLOEXEC) = 3

With ettercap -C or -G I get into problems. I can start sniffing, see the connections, but when trying to define a log file, I get "Permission denied". At the CLI with -G I get the message:
(ettercap:8603): Gtk-WARNING **: Attempting to read the recently used resources file at `/root/.local/share/recently-used.xbel', but the parser failed: Openen van bestand â/root/.local/share/recently-used.xbelâ is mislukt: Toegang geweigerd.

(ettercap:8603): Gtk-WARNING **: Attempting to store changes into `/root/.local/share/recently-used.xbel', but failed: Aanmaken van bestand â/root/.local/share/recently-used.xbel.PZHS1Yâ is mislukt: Toegang geweigerd

(ettercap:8603): Gtk-WARNING **: Attempting to set the permissions of `/root/.local/share/recently-used.xbel', but failed: Toegang geweigerd
Toegang geweigerd means litteraly: Access denied. The permissions on the file look normal to me
# ls -als /root/.local/share/recently-used.xbel 
4 -rw------- 1 root root 1444 jun 14 10:37 /root/.local/share/recently-used.xbel

CC: (none) => herman.viaene

(In reply to Herman Viaene from comment #4)
> Installation: when selecting ettercap I have to manually add libettercap, I
> expected this one to be a dependency???

If you're upgrading it, then yes you'll have to manually select all relevant packages while QA testing.  That's normal.

As for the Gtk-WARNING, it's a warning and it's from Gtk, not ettercap itself.  Try checking the permissions of the containing directory:
# ls -ld /root/.local/share/
drwxr-xr-x 6 root root 4096 Aug 14  2016 /root/.local/share//

@ David
# ls -ld /root/.local/share/
drwx------ 6 root root 4096 jun 14 10:37 /root/.local/share//
or
# ls -als /root/.local/
totaal 12
4 drwx------  3 root root 4096 sep  9  2014 ./
4 drwxr-x--- 25 root root 4096 jun 14 14:15 ../
4 drwx------  6 root root 4096 jun 14 10:37 share/
Looks OK, doesn't it??

Yeah, it's an odd warning message for sure.  You wouldn't expect root to have permission issues anyway.  I wonder if it drops privileges or doesn't expect to be run as root.

I tried to run as a normal user, but that results in permission problems on the device. So no go.

Re Comment 4
I have had the log file "permission denied" before; shrug shoulders.
For the Curses & GTK interfaces, if they seem to function, fine. Making the package work is more a matter of knowing how to drive it; I got further this time - without knowing how or why - than on previous updates.
Re Comment 8
We know from earlier tests that you need to be root to run this; whether that is intented or not.
Thanks Herman. OKing 32-bit, Validating.

Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK advisory => MGA5-64-OK advisory MGA5-32-OK
CC: (none) => sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2017-0173.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

*** Bug 27758 has been marked as a duplicate of this bug. ***

CC: (none) => zombie_ryushu