Bug 6988

Summary: ettercap missing update for security issue CVE-2010-3843
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact:
Severity: major    
Priority: Normal CC: davidwhodgins, pterjan, sysadmin-bugs, tmb
Version: 2Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/480389/
Whiteboard: MGA2-32-OK MGA2-64-OK
Source RPM: ettercap-0.7.4.1-1.mga2.src.rpm CVE:
Status comment:

Description David Walser 2012-08-09 00:08:48 CEST 
Fedora has issued an advisory on January 31:
http://lists.fedoraproject.org/pipermail/package-announce/2012-February/072925.html

Patched package uploaded for Mageia 2 and Cauldron.

Advisory:
========================

Updated ettercap package fixes security vulnerability:

The GTK version of ettercap uses a global settings file at
/tmp/.ettercap_gtk and does not verify ownership of this file.  When
parsing this file for settings in gtkui_conf_read()
(src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call allows a
maliciously placed settings file to overflow a statically-sized buffer
on the stack (CVE-2010-3843).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3843
http://lists.fedoraproject.org/pipermail/package-announce/2012-February/072925.html
========================

Updated packages in core/updates_testing:
========================
ettercap-0.7.4.1-1.1.mga2

from ettercap-0.7.4.1-1.1.mga2.src.rpm
David Walser 2012-08-09 00:09:00 CEST

CC: (none) => pterjan

Comment 1 Dave Hodgins 2012-08-09 03:10:28 CEST 
I'll be testing Mageia 2 i586 shortly.

CC: (none) => davidwhodgins

Comment 2 Dave Hodgins 2012-08-09 03:23:03 CEST 
I don't see anything in the package or repositories related to a gtk
version of ettercap.

With the ettercap program running,
lsof -n|grep etter|grep tmp
doesn't show any files being used in /tmp.

Which program actually creates and uses /tmp/.ettercap_gtk?

Whiteboard: (none) => feedback

Comment 3 David Walser 2012-08-09 03:36:24 CEST 
ettercap has multiple different interfaces built in, selectable with a command-line option.

From the man page:
-C, --curses
    Ncurses based GUI. See ettercap_curses(8) for a full description. 

-G, --gtk
    The nice GTK2 interface (thanks Daten...). 

So ettercap -G runs the gtk interface.  A reproducer using that is on the RH bug:
https://bugzilla.redhat.com/show_bug.cgi?id=643453

Whiteboard: feedback => (none)

Comment 4 Dave Hodgins 2012-08-09 04:08:01 CEST 
Thanks.  Problem confirmed on Mageia 2 i586
ettercap 0.7.4.1 copyright 2001-2011 ALoR & NaGA

Ooops ! This shouldn't happen...
Segmentation Fault...

I'll test the update now.
Comment 5 Dave Hodgins 2012-08-09 04:21:03 CEST 
Testing complete on Mageia 2 i586 and x86-64.

Could someone from the sysadmin team push the srpm
ettercap-0.7.4.1-1.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates.

Advisory: Updated ettercap package fixes security vulnerability:

The GTK version of ettercap uses a global settings file at
/tmp/.ettercap_gtk and does not verify ownership of this file.  When
parsing this file for settings in gtkui_conf_read()
(src/interfaces/gtk/ec_gtk_conf.c), an unchecked sscanf() call allows a
maliciously placed settings file to overflow a statically-sized buffer
on the stack (CVE-2010-3843).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3843
http://lists.fedoraproject.org/pipermail/package-announce/2012-February/072925.html

https://bugs.mageia.org/show_bug.cgi?id=6988

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs
Whiteboard: (none) => MGA2-32-OK MGA2-64-OK

Comment 6 Thomas Backlund 2012-08-12 21:44:03 CEST 
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0214

Status: NEW => RESOLVED
CC: (none) => tmb
Resolution: (none) => FIXED