A security issue in ettercap has been announced today (May 1): http://openwall.com/lists/oss-security/2017/05/01/6 A fix does not appear to be available yet. Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Fedora has issued an advisory for this today (June 9): https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BK4IYANXQO2REIN2XSKIFCETM7EQJAUZ/
Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated ettercap packages fix security vulnerability: The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted filter that is mishandled by etterfilter (CVE-2017-8366). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8366 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/BK4IYANXQO2REIN2XSKIFCETM7EQJAUZ/ ======================== Updated packages in core/updates_testing: ======================== ettercap-0.8.2-1.1.mga5 libettercap0-0.8.2-1.1.mga5 from ettercap-0.8.2-1.1.mga5.src.rpm
CC: (none) => pterjanWhiteboard: MGA5TOO => (none)Assignee: pterjan => qa-bugsSeverity: normal => majorVersion: Cauldron => 5
Testing M5 64-bit real hardware with Ethernet link to Internet box. BEFORE update: ettercap-0.8.2-1.mga5 lib64ettercap0-0.8.2-1.mga5 [ Previously tested https://bugs.mageia.org/show_bug.cgi?id=20486 ] AFTER update: ettercap-0.8.2-1.1.mga5 lib64ettercap0-0.8.2-1.1.mga5 # ettercap -I ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team List of available Network Interfaces: enp4s0 enp4s0 lo Local Loopback bluetooth-monitor Bluetooth Linux Monitor usbmon1 USB bus number 1 etc etc # strace ettercap -I 2>&1 | grep ettercap open("/lib64/libettercap.so.0", O_RDONLY|O_CLOEXEC) = 3 ------------- # ettercap -C Shows the curses screen, fully actionable. This time I managed to get a log file accepted & written to. ---------------------- # strace ettercap -G 2>&1 | grep ettercap open("/lib64/libettercap.so.0", O_RDONLY|O_CLOEXEC) = 3 Showed the GTK GUI, seemed fully functional. I managed to get some comms traffic output. This update looks good. Advisory to follow.
Whiteboard: (none) => MGA5-64-OKCC: (none) => lewyssmith
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory
MGA5-32 on Asus A6000VM Xfce Installation: when selecting ettercap I have to manually add libettercap, I expected this one to be a dependency??? At CLI as root by using "su -l" # ettercap -I ettercap 0.8.2 copyright 2001-2015 Ettercap Development Team List of available Network Interfaces: wlp0s29f7u4 wlp0s29f7u4 lo Local Loopback enp1s0 enp1s0 bluetooth-monitor Bluetooth Linux Monitor usbmon1 USB bus number 1 etc... # strace ettercap -I 2>&1 | grep ettercap execve("/usr/bin/ettercap", ["ettercap", "-I"], [/* 46 vars */]) = 0 open("/lib/libettercap.so.0", O_RDONLY|O_CLOEXEC) = 3 With ettercap -C or -G I get into problems. I can start sniffing, see the connections, but when trying to define a log file, I get "Permission denied". At the CLI with -G I get the message: (ettercap:8603): Gtk-WARNING **: Attempting to read the recently used resources file at `/root/.local/share/recently-used.xbel', but the parser failed: Openen van bestand â/root/.local/share/recently-used.xbelâ is mislukt: Toegang geweigerd. (ettercap:8603): Gtk-WARNING **: Attempting to store changes into `/root/.local/share/recently-used.xbel', but failed: Aanmaken van bestand â/root/.local/share/recently-used.xbel.PZHS1Yâ is mislukt: Toegang geweigerd (ettercap:8603): Gtk-WARNING **: Attempting to set the permissions of `/root/.local/share/recently-used.xbel', but failed: Toegang geweigerd Toegang geweigerd means litteraly: Access denied. The permissions on the file look normal to me # ls -als /root/.local/share/recently-used.xbel 4 -rw------- 1 root root 1444 jun 14 10:37 /root/.local/share/recently-used.xbel
CC: (none) => herman.viaene
(In reply to Herman Viaene from comment #4) > Installation: when selecting ettercap I have to manually add libettercap, I > expected this one to be a dependency??? If you're upgrading it, then yes you'll have to manually select all relevant packages while QA testing. That's normal. As for the Gtk-WARNING, it's a warning and it's from Gtk, not ettercap itself. Try checking the permissions of the containing directory: # ls -ld /root/.local/share/ drwxr-xr-x 6 root root 4096 Aug 14 2016 /root/.local/share//
@ David # ls -ld /root/.local/share/ drwx------ 6 root root 4096 jun 14 10:37 /root/.local/share// or # ls -als /root/.local/ totaal 12 4 drwx------ 3 root root 4096 sep 9 2014 ./ 4 drwxr-x--- 25 root root 4096 jun 14 14:15 ../ 4 drwx------ 6 root root 4096 jun 14 10:37 share/ Looks OK, doesn't it??
Yeah, it's an odd warning message for sure. You wouldn't expect root to have permission issues anyway. I wonder if it drops privileges or doesn't expect to be run as root.
I tried to run as a normal user, but that results in permission problems on the device. So no go.
Re Comment 4 I have had the log file "permission denied" before; shrug shoulders. For the Curses & GTK interfaces, if they seem to function, fine. Making the package work is more a matter of knowing how to drive it; I got further this time - without knowing how or why - than on previous updates. Re Comment 8 We know from earlier tests that you need to be root to run this; whether that is intented or not. Thanks Herman. OKing 32-bit, Validating.
Keywords: (none) => validated_updateWhiteboard: MGA5-64-OK advisory => MGA5-64-OK advisory MGA5-32-OKCC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0173.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED
*** Bug 27758 has been marked as a duplicate of this bug. ***
CC: (none) => zombie_ryushu