An advisory has been issued on December 16:
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/

The Debian LTS advisory just listed two of the CVEs, as those probably were the only ones that affected the 0.7.x version that they had. We're probably affected by more of them as we have version 0.8.0.

Upstream commits to fix the issues are linked in the Obrela advisory.

Mageia 4 is also affected.
Whiteboard: (none) => MGA4TOO
Blocks: (none) => 14674
Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated ettercap package fixes security vulnerabilities:

Heap-based buffer overflow in the dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted password length value that is inconsistent with the actual length of the password (CVE-2014-6395).

The dissector_postgresql function in dissectors/ec_postgresql.c in Ettercap before 8.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted password length, which triggers a 0 character to be written to an arbitrary memory location (CVE-2014-6396).

Integer underflow in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds write) and possibly execute arbitrary code via a small size variable value in the dissector_dhcp function in dissectors/ec_dhcp.c, length value to the dissector_gg function in dissectors/ec_gg.c, or string length to the get_decode_len function in ec_utils.c or a request without a username or password to the dissector_TN3270 function in dissectors/ec_TN3270.c (CVE-2014-9376).

Heap-based buffer overflow in the nbns_spoof function in plug-ins/nbns_spoof/nbns_spoof.c in Ettercap 8.1 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a large netbios packet (CVE-2014-9377).

Ettercap 8.1 does not validate certain return values, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted name to the parse_line function in mdns_spoof/mdns_spoof.c or base64 encoded password to the dissector_imap function in dissectors/ec_imap.c (CVE-2014-9378).

The radius_get_attribute function in dissectors/ec_radius.c in Ettercap 8.1 performs an incorrect cast, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors, which triggers a stack-based buffer overflow (CVE-2014-9379).

The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (out-of-bounds read) via a packet containing only a CVS_LOGIN signature (CVE-2014-9380).

Integer signedness error in the dissector_cvs function in dissectors/ec_cvs.c in Ettercap 8.1 allows remote attackers to cause a denial of service (crash) via a crafted password, which triggers a large memory allocation (CVE-2014-9381).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9381
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
========================

Updated packages in core/updates_testing:
========================
ettercap-0.8.0-3.1.mga4

from ettercap-0.8.0-3.1.mga4.src.rpm
Version: Cauldron => 4
Blocks: 14674 => (none)
Summary: ettercap new security issues CVE-2014-9380, CVE-2014-9381, and possibly others => ettercap new security issues CVE-2014-639[56], CVE-2014-937[6-9], and CVE-2014-938[01]
Whiteboard: MGA4TOO => (none)
Assignee: pterjan => qa-bugs
CC: (none) => pterjan
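Most of the issues in the advisory above (a declared length inconsistent with the data actually present, a small size value that underflows, a signedness error on a length) come down to trusting a length field read from the packet. As an added illustration, not Ettercap's code or the upstream fix, this C example validates a hypothetical 4-byte length-prefixed field before copying it; the field layout, `copy_field` and the sample packets are assumptions constructed here.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 4u /* hypothetical field: 4-byte big-endian length that counts itself */

/* Constructed sample packets (not captured traffic). */
static const uint8_t ok_pkt[]    = {0, 0, 0, 8, 'p', 'a', 's', 's'};
static const uint8_t small_len[] = {0, 0, 0, 3, 'p', 'a', 's', 's'};
static const uint8_t long_len[]  = {0, 0, 0, 64, 'p'};
static const uint8_t huge_len[]  = {0xff, 0xff, 0xff, 0xff, 'p'};
static char out_buf[16];

/* Copy one field's payload into out as a C string.
 * Returns the payload length, or -1 if the declared length cannot be trusted. */
static int copy_field(const uint8_t *pkt, size_t pkt_len, char *out, size_t out_cap)
{
    uint32_t declared;
    size_t payload;

    if (pkt == NULL || out == NULL || out_cap == 0 || pkt_len < HDR_LEN)
        return -1;                    /* no complete length field to read */

    /* Assemble as unsigned so a set high bit never becomes a negative size. */
    declared = ((uint32_t)pkt[0] << 24) | ((uint32_t)pkt[1] << 16) |
               ((uint32_t)pkt[2] << 8) | (uint32_t)pkt[3];

    /* Too small: declared - HDR_LEN would wrap. Too large: more than was captured. */
    if (declared < HDR_LEN || declared > pkt_len)
        return -1;

    payload = declared - HDR_LEN;
    if (payload >= out_cap || payload > INT_MAX) /* keep room for the terminator */
        return -1;

    memcpy(out, pkt + HDR_LEN, payload);
    out[payload] = '\0';              /* index is at most out_cap - 1 */
    return (int)payload;
}

int main(void)
{
    printf("%d %d %d %d\n", copy_field(ok_pkt, sizeof ok_pkt, out_buf, sizeof out_buf),
           copy_field(small_len, sizeof small_len, out_buf, sizeof out_buf),
           copy_field(long_len, sizeof long_len, out_buf, sizeof out_buf),
           copy_field(huge_len, sizeof huge_len, out_buf, sizeof out_buf));
    return 0;
}
```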
Tested on mga4 32bit OK

Didn't see a POC so I ran it through a few different ways I use it. Didn't see any issues with what I tested and all plugins listed loaded without issue.

ettercap -T
ettercap -G
ettercap -C
CC: (none) => dpremy
Whiteboard: (none) => mga4-32-ok
MGA4-64 ON HP Probook 6555b KDE
Wifi connected

This PC did not have an older ettercap installation.
No installation issues.

Tried commands as per Comment 2

$ ettercap -T

ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team

ERROR : 1, Operation not permitted
[/home/iurt/rpmbuild/BUILD/ettercap-0.8.0/src/ec_network.c:network_init:67]

Surely there is no /home/iurt/ on my PC. This command bombs out.

ettercap -G
opens GUI application, but when I select Sniff - Unified sniffing, there is no device available.

ettercap -C
Application opens, but as soon as I navigate to Sniff - Unified sniffing, the program bombs out.

Disconnected WiFi and connected Ethernet cable: still no device.
CC: (none) => herman.viaene
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
ettercap

default install of ettercap

[root@localhost wilcal]# urpmi ettercap
Package ettercap-0.8.0-3.mga4.i586 is already installed

[root@localhost wilcal]# ettercap -T
ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team
Listening on:
enp0s3 -> 08:00:27:84:88:A0
  192.168.1.88/255.255.255.0
  fe80::a00:27ff:fe84:88a0/64
  2602:306:ce13:d0b0:a00:27ff:fe84:88a0/64
.....

ettercap -G & ettercap -C opens ettercap dialog window.

install ettercap from updates_testing

[root@localhost wilcal]# urpmi ettercap
Package ettercap-0.8.0-3.1.mga4.i586 is already installed

[root@localhost wilcal]# ettercap -T
ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team
Listening on:
enp0s3 -> 08:00:27:84:88:A0
  192.168.1.88/255.255.255.0
  fe80::a00:27ff:fe84:88a0/64
  2602:306:ce13:d0b0:a00:27ff:fe84:88a0/64
.....

ettercap -G & ettercap -C opens ettercap dialog window.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
CC: (none) => wilcal.int
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
ettercap

default install of ettercap

[root@localhost wilcal]# urpmi ettercap
Package ettercap-0.8.0-3.mga4.x86_64 is already installed

[root@localhost wilcal]# ettercap -T
ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team
Listening on:
enp0s3 -> 08:00:27:A7:DA:FC
  192.168.1.130/255.255.255.0
  fe80::a00:27ff:fea7:dafc/64
  2602:306:ce13:d0b0:a00:27ff:fea7:dafc/64
.....

ettercap -G & ettercap -C opens ettercap dialog window.

install ettercap from updates_testing

[root@localhost wilcal]# urpmi ettercap
Package ettercap-0.8.0-3.1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi ettercap
Package ettercap-0.8.0-3.1.mga4.x86_64 is already installed

[root@localhost wilcal]# ettercap -T
ettercap 0.8.0 copyright 2001-2013 Ettercap Development Team
Listening on:
enp0s3 -> 08:00:27:A7:DA:FC
  192.168.1.130/255.255.255.0
  fe80::a00:27ff:fea7:dafc/64
  2602:306:ce13:d0b0:a00:27ff:fea7:dafc/64
.....

ettercap -G & ettercap -C opens ettercap dialog window.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64
For me this update works fine. It monitors the traffic in a root terminal with the ettercap -T command. I think if there are performance issues that should be a separate bug. This is a security update only.

Testing complete for mga4 32-bit & 64-bit

Validating the update.
Could someone from the sysadmin team push this to updates?
Thanks
Keywords: (none) => validated_update
Whiteboard: mga4-32-ok => mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs
LWN reference for the rest of the CVEs: http://lwn.net/Vulnerabilities/628525/
Advisory uploaded.
Whiteboard: mga4-32-ok mga4-64-ok => has_procedure advisory mga4-32-ok mga4-64-ok
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0012.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED